Copy the KDE 3.5 branch to branches/trinity for new KDE 3.5 features.

BUG:215923


git-svn-id: svn://anonsvn.kde.org/home/kde/branches/trinity/kdepim@1054174 283d02a7-25f6-0310-bc7c-ecb5cbfe19da

37 files changed, 4611 insertions, 0 deletions

diff --git a/certmanager/lib/kleo/Makefile.am b/certmanager/lib/kleo/Makefile.am
new file mode 100644
index 000000000..0465bb2da
--- /dev/null
+++ b/certmanager/lib/kleo/Makefile.am
@@ -0,0 +1,37 @@
+INCLUDES = -I$(top_srcdir)/libkdenetwork \
+	-I$(top_srcdir)/certmanager/lib \
+	$(GPGME_CFLAGS) $(all_includes)
+
+noinst_LTLIBRARIES = libkleopatra_core.la
+
+libkleopatra_core_la_SOURCES = \
+	cryptobackend.cpp \
+	cryptobackendfactory.cpp \
+	enum.cpp \
+	dn.cpp \
+	job.cpp \
+	\
+	multideletejob.cpp \
+	hierarchicalkeylistjob.cpp \
+	\
+	kconfigbasedkeyfilter.cpp \
+	keyfiltermanager.cpp
+
+kleodir = $(includedir)/kleo
+kleo_HEADERS = \
+	enum.h \
+	cryptobackend.h \
+	cryptobackendfactory.h \
+	cryptoconfig.h \
+	dn.h \
+	job.h \
+	keylistjob.h keygenerationjob.h importjob.h exportjob.h downloadjob.h deletejob.h \
+	encryptjob.h decryptjob.h signjob.h verifydetachedjob.h verifyopaquejob.h \
+	decryptverifyjob.h signencryptjob.h refreshkeysjob.h \
+	multideletejob.h \
+	hierarchicalkeylistjob.h \
+	\
+	keyfilter.h \
+	keyfiltermanager.h
+
+METASOURCES = AUTO
diff --git a/certmanager/lib/kleo/cryptobackend.cpp b/certmanager/lib/kleo/cryptobackend.cpp
new file mode 100644
index 000000000..7a779c8ed
--- /dev/null
+++ b/certmanager/lib/kleo/cryptobackend.cpp
@@ -0,0 +1,36 @@
+/*
+    kleo/cryptobackend.cpp
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2005 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#include "cryptobackend.h"
+
+const char Kleo::CryptoBackend::OpenPGP[] = "OpenPGP";
+const char Kleo::CryptoBackend::SMIME[] = "SMIME";
diff --git a/certmanager/lib/kleo/cryptobackend.h b/certmanager/lib/kleo/cryptobackend.h
new file mode 100644
index 000000000..a94e1ae3a
--- /dev/null
+++ b/certmanager/lib/kleo/cryptobackend.h
@@ -0,0 +1,122 @@
+/*
+    kleo/cryptobackend.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004,2005 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_CRYPTOBACKEND_H__
+#define __KLEO_CRYPTOBACKEND_H__
+
+#include <qstring.h>
+
+namespace Kleo {
+  class CryptoConfig;
+  class KeyListJob;
+  class KeyGenerationJob;
+  class ImportJob;
+  class ExportJob;
+  class DownloadJob;
+  class DeleteJob;
+  class EncryptJob;
+  class DecryptJob;
+  class SignJob;
+  class VerifyDetachedJob;
+  class VerifyOpaqueJob;
+  class SignEncryptJob;
+  class DecryptVerifyJob;
+  class RefreshKeysJob;
+  class SpecialJob;
+}
+
+class QString;
+class QVariant;
+template <typename T_Key, typename T_Value> class QMap;
+
+namespace Kleo {
+
+  class CryptoBackend {
+  public:
+    class Protocol;
+
+    static const char OpenPGP[];
+    static const char SMIME[];
+
+    virtual ~CryptoBackend() {}
+
+    virtual QString name() const = 0;
+    virtual QString displayName() const = 0;
+
+    virtual bool checkForOpenPGP( QString * reason=0 ) const = 0;
+    virtual bool checkForSMIME( QString * reason=0 ) const = 0;
+    virtual bool checkForProtocol( const char * name,  QString * reason=0 ) const = 0;
+
+    virtual bool supportsOpenPGP() const = 0;
+    virtual bool supportsSMIME() const = 0;
+    virtual bool supportsProtocol( const char * name ) const = 0;
+
+    virtual CryptoConfig * config() const = 0;
+
+    virtual Protocol * openpgp() const = 0;
+    virtual Protocol * smime() const = 0;
+    virtual Protocol * protocol( const char * name ) const = 0;
+
+    virtual const char * enumerateProtocols( int i ) const = 0;
+  };
+
+  class CryptoBackend::Protocol {
+  public:
+    virtual ~Protocol() {}
+
+    virtual QString name() const = 0;
+
+    virtual QString displayName() const = 0;
+
+    virtual KeyListJob        * keyListJob( bool remote=false, bool includeSigs=false, bool validate=false ) const = 0;
+    virtual EncryptJob        * encryptJob( bool armor=false, bool textmode=false ) const = 0;
+    virtual DecryptJob        * decryptJob() const = 0;
+    virtual SignJob           * signJob( bool armor=false, bool textMode=false ) const = 0;
+    virtual VerifyDetachedJob * verifyDetachedJob( bool textmode=false) const = 0;
+    virtual VerifyOpaqueJob   * verifyOpaqueJob( bool textmode=false ) const = 0;
+    virtual KeyGenerationJob  * keyGenerationJob() const = 0;
+    virtual ImportJob         * importJob() const = 0;
+    virtual ExportJob         * publicKeyExportJob( bool armor=false ) const = 0;
+    // @param charset the encoding of the passphrase in the exported file
+    virtual ExportJob         * secretKeyExportJob( bool armor=false, const QString& charset = QString::null ) const = 0;
+    virtual DownloadJob       * downloadJob( bool armor=false ) const = 0;
+    virtual DeleteJob         * deleteJob() const = 0;
+    virtual SignEncryptJob    * signEncryptJob( bool armor=false, bool textMode=false ) const = 0;
+    virtual DecryptVerifyJob  * decryptVerifyJob( bool textmode=false ) const = 0;
+    virtual RefreshKeysJob    * refreshKeysJob() const = 0;
+
+    virtual SpecialJob        * specialJob( const char * type, const QMap<QString,QVariant> & args ) const = 0;
+  };
+
+}
+
+#endif // __KLEO_CRYPTOBACKEND_H__
diff --git a/certmanager/lib/kleo/cryptobackendfactory.cpp b/certmanager/lib/kleo/cryptobackendfactory.cpp
new file mode 100644
index 000000000..c56a7096f
--- /dev/null
+++ b/certmanager/lib/kleo/cryptobackendfactory.cpp
@@ -0,0 +1,275 @@
+/*
+    cryptobackendfactory.cpp
+
+    This file is part of libkleopatra, the KDE key management library
+    Copyright (c) 2001,2004,2005 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "cryptobackendfactory.h"
+
+#include <backends/qgpgme/qgpgmebackend.h>
+#if 0 // disabled for kde-3.3
+#include <backends/kpgp/pgp2backend.h>
+#include <backends/kpgp/pgp5backend.h>
+#include <backends/kpgp/pgp6backend.h>
+#include <backends/kpgp/gpg1backend.h>
+#endif
+#include <backends/chiasmus/chiasmusbackend.h>
+#include <ui/backendconfigwidget.h>
+
+#include <kconfig.h>
+#include <klocale.h>
+#include <kdebug.h>
+#include <kmessagebox.h>
+#include <kapplication.h>
+
+#include <iterator>
+#include <algorithm>
+
+#include <cassert>
+
+Kleo::CryptoBackendFactory * Kleo::CryptoBackendFactory::mSelf = 0;
+
+static const char * availableProtocols[] = {
+  "Chiasmus",
+  "OpenPGP", "SMIME",
+};
+static const unsigned int numAvailableProtocols = sizeof availableProtocols / sizeof *availableProtocols;
+
+Kleo::CryptoBackendFactory::CryptoBackendFactory()
+  : QObject( qApp, "CryptoBackendFactory::instance()" ),
+    mConfigObject( 0 ),
+    mAvailableProtocols( availableProtocols, availableProtocols + numAvailableProtocols )
+{
+  mBackendList.push_back( new QGpgMEBackend() );
+#if 0 // disabled for kde-3.3
+  mBackendList.push_back( new PGP2Backend() );
+  mBackendList.push_back( new PGP5Backend() );
+  mBackendList.push_back( new PGP6Backend() );
+  mBackendList.push_back( new GPG1Backend() );
+#endif
+  mBackendList.push_back( new ChiasmusBackend() );
+  scanForBackends();
+  readConfig();
+
+  mSelf = this; // last!
+}
+
+Kleo::CryptoBackendFactory::~CryptoBackendFactory() {
+  mSelf = 0; // first!
+
+  for ( std::vector<CryptoBackend*>::iterator it = mBackendList.begin() ; it != mBackendList.end() ; ++it ) {
+    delete *it;
+    *it = 0;
+  }
+  delete mConfigObject;
+  mConfigObject = 0;
+}
+
+Kleo::CryptoBackendFactory * Kleo::CryptoBackendFactory::instance() {
+  if ( !mSelf )
+    mSelf = new CryptoBackendFactory();
+  return mSelf;
+}
+
+
+// const Kleo::CryptoBackend* Kleo::CryptoBackendFactory::smimeBackend() const {
+//   return mSMIMEBackend;
+// }
+
+// const Kleo::CryptoBackend* Kleo::CryptoBackendFactory::openpgpBackend() const {
+//   return mOpenPGPBackend;
+// }
+
+const Kleo::CryptoBackend::Protocol * Kleo::CryptoBackendFactory::smime() const {
+  const BackendMap::const_iterator it = mBackends.find( "SMIME" );
+  if ( it == mBackends.end() )
+    return 0;
+  if ( !it->second )
+    return 0;
+  return it->second->smime();
+}
+
+const Kleo::CryptoBackend::Protocol * Kleo::CryptoBackendFactory::openpgp() const {
+  const BackendMap::const_iterator it = mBackends.find( "OpenPGP" );
+  if ( it == mBackends.end() )
+    return 0;
+  if ( !it->second )
+    return 0;
+  return it->second->openpgp();
+}
+
+const Kleo::CryptoBackend::Protocol * Kleo::CryptoBackendFactory::protocol( const char * name ) const {
+  const BackendMap::const_iterator it = mBackends.find( name );
+  if ( it == mBackends.end() )
+    return 0;
+  if ( !it->second )
+    return 0;
+  return it->second->protocol( name );
+}
+
+Kleo::CryptoConfig * Kleo::CryptoBackendFactory::config() const {
+  // ## should we use mSMIMEBackend? mOpenPGPBackend? backend(0) i.e. always qgpgme?
+  return backend( 0 ) ? backend( 0 )->config() : 0;
+}
+
+bool Kleo::CryptoBackendFactory::hasBackends() const {
+  return !mBackendList.empty();
+}
+
+void Kleo::CryptoBackendFactory::scanForBackends( QStringList * reasons ) {
+  for ( std::vector<CryptoBackend*>::const_iterator it = mBackendList.begin() ; it != mBackendList.end() ; ++it ) {
+    assert( *it );
+    for ( int i = 0 ; const char * protocol = (*it)->enumerateProtocols( i ) ; ++i ) {
+      QString reason;
+      if ( (*it)->supportsProtocol( protocol ) && !(*it)->checkForProtocol( protocol, &reason ) ) {
+        if ( reasons ) {
+          reasons->push_back( i18n("While scanning for %1 support in backend %2:")
+                              .arg( protocol, (*it)->displayName() ) );
+          reasons->push_back( "  " + reason );
+        }
+      }
+    }
+  }
+}
+
+const Kleo::CryptoBackend * Kleo::CryptoBackendFactory::backend( unsigned int idx ) const {
+  return ( idx < mBackendList.size() ) ? mBackendList[idx] : 0 ;
+}
+
+const Kleo::CryptoBackend * Kleo::CryptoBackendFactory::backendByName( const QString& name ) const {
+  for ( std::vector<CryptoBackend*>::const_iterator it = mBackendList.begin() ; it != mBackendList.end() ; ++it ) {
+    if ( (*it)->name() == name )
+      return *it;
+  }
+  return 0;
+}
+
+Kleo::BackendConfigWidget * Kleo::CryptoBackendFactory::configWidget( QWidget * parent, const char * name ) const {
+  return new Kleo::BackendConfigWidget( mSelf, parent, name );
+}
+
+KConfig* Kleo::CryptoBackendFactory::configObject() const {
+  if ( !mConfigObject )
+    // this is unsafe. We're a lib, used by concurrent apps.
+    mConfigObject = new KConfig( "libkleopatrarc" );
+  return mConfigObject;
+}
+
+void Kleo::CryptoBackendFactory::setSMIMEBackend( const CryptoBackend* backend ) {
+  setProtocolBackend( "SMIME", backend );
+}
+
+void Kleo::CryptoBackendFactory::setOpenPGPBackend( const CryptoBackend* backend ) {
+  setProtocolBackend( "OpenPGP", backend );
+}
+
+void Kleo::CryptoBackendFactory::setProtocolBackend( const char * protocol, const CryptoBackend * backend ) {
+  const QString name = backend ? backend->name() : QString::null ;
+  KConfigGroup group( configObject(), "Backends" );
+  group.writeEntry( protocol, name );
+  configObject()->sync();
+  mBackends[protocol] = backend;
+}
+
+static const char * defaultBackend( const char * proto ) {
+  static const struct {
+    const char * proto;
+    const char * backend;
+  } defaults[] = {
+    { "OpenPGP", "gpgme" },
+    { "SMIME", "gpgme" },
+    { "Chiasmus", "chiasmus" },
+  };
+  for ( unsigned int i = 0 ; i < sizeof defaults / sizeof *defaults ; ++i )
+    if ( qstricmp( proto, defaults[i].proto ) == 0 )
+      return defaults[i].backend;
+  return 0;
+}
+
+void Kleo::CryptoBackendFactory::readConfig() {
+  mBackends.clear();
+  const KConfigGroup group( configObject(), "Backends" );
+  for ( ProtocolSet::const_iterator it = mAvailableProtocols.begin(), end = mAvailableProtocols.end() ; it != end ; ++it ) {
+    const QString backend = group.readEntry( *it, defaultBackend( *it ) );
+    mBackends[*it] = backendByName( backend );
+  }
+}
+
+const char * Kleo::CryptoBackendFactory::enumerateProtocols( int i ) const {
+  if ( i < 0 || static_cast<unsigned int>( i ) >= mAvailableProtocols.size() )
+    return 0;
+  return mAvailableProtocols[i];
+}
+
+namespace {
+  class CaseInsensitiveString {
+    const char * m;
+  public:
+    CaseInsensitiveString( const char * s ) : m( s ) {}
+#define make_operator( op ) \
+    bool operator op( const CaseInsensitiveString & other ) const { \
+      return qstricmp( m, other.m ) op 0; \
+    } \
+    bool operator op( const char * other ) const { \
+      return qstricmp( m, other ) op 0; \
+    }
+    make_operator( == )
+    make_operator( != )
+    make_operator( < )
+    make_operator( > )
+    make_operator( <= )
+    make_operator( >= )
+#undef make_operator
+    operator const char *() const { return m; }
+  };
+#define make_ext_operator( op, inv_op ) \
+  inline bool operator op( const char * lhs, const CaseInsensitiveString & rhs ) { \
+    return rhs.operator inv_op( lhs ); \
+  }
+  make_ext_operator( ==, == )
+  make_ext_operator( !=, != )
+  make_ext_operator( <, > )
+  make_ext_operator( >, < )
+  make_ext_operator( <=, >= )
+  make_ext_operator( >=, <= )
+#undef make_ext_operator
+
+}
+
+bool Kleo::CryptoBackendFactory::knowsAboutProtocol( const char * name ) const {
+  return std::find( mAvailableProtocols.begin(), mAvailableProtocols.end(),
+                    CaseInsensitiveString( name ) ) != mAvailableProtocols.end();
+}
+
+#include "cryptobackendfactory.moc"
+
diff --git a/certmanager/lib/kleo/cryptobackendfactory.h b/certmanager/lib/kleo/cryptobackendfactory.h
new file mode 100644
index 000000000..7a54e9fd1
--- /dev/null
+++ b/certmanager/lib/kleo/cryptobackendfactory.h
@@ -0,0 +1,117 @@
+/*
+    kleo/cryptobackendfactory.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004,2005 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_CRYPTOBACKENDFACTORY_H__
+#define __KLEO_CRYPTOBACKENDFACTORY_H__
+
+#include <qobject.h>
+
+#include "cryptobackend.h"
+#include <kdepimmacros.h>
+
+#include <vector>
+#include <map>
+
+namespace Kleo {
+  class BackendConfigWidget;
+}
+
+class QString;
+class KConfig;
+
+namespace Kleo {
+
+  struct lt_i_str {
+    bool operator()( const char * one, const char * two ) const {
+      return qstricmp( one, two ) < 0;
+    }
+  };
+
+  class KDE_EXPORT CryptoBackendFactory : public QObject {
+    Q_OBJECT
+  protected:
+    CryptoBackendFactory();
+    ~CryptoBackendFactory();
+  public:
+    static CryptoBackendFactory * instance();
+
+    const CryptoBackend::Protocol * smime() const;
+    const CryptoBackend::Protocol * openpgp() const;
+    const CryptoBackend::Protocol * protocol( const char * name ) const;
+    CryptoConfig * config() const;
+
+    const CryptoBackend * backend( unsigned int idx ) const;
+
+    bool hasBackends() const;
+
+    Kleo::BackendConfigWidget * configWidget( QWidget * parent=0, const char * name=0 ) const;
+
+    KConfig* configObject() const;
+
+    // The preferred backend for smime (can be 0) - currently unused
+    //const CryptoBackend* smimeBackend() const;
+    // The preferred backend for openpgp (can be 0) - currently unused
+    //const CryptoBackend* openpgpBackend() const;
+
+    // For BackendConfigWidget to save the configuration
+    // 0 means no backend selected.
+    void setSMIMEBackend( const CryptoBackend* backend );
+    void setOpenPGPBackend( const CryptoBackend* backend );
+    void setProtocolBackend( const char * name, const CryptoBackend * backend );
+
+    void scanForBackends( QStringList * reasons=0 );
+
+    const char * enumerateProtocols( int i ) const;
+
+    bool knowsAboutProtocol( const char * name ) const;
+
+  protected:
+    std::vector<CryptoBackend*> mBackendList;
+    mutable KConfig* mConfigObject;
+    typedef std::map<const char *, const CryptoBackend*, lt_i_str> BackendMap;
+    BackendMap mBackends;
+    typedef std::vector<const char *> ProtocolSet;
+    ProtocolSet mAvailableProtocols;
+
+  private:
+    const CryptoBackend * backendByName( const QString& name ) const;
+    void readConfig();
+    CryptoBackendFactory( const CryptoBackendFactory & );
+    void operator=( const CryptoBackendFactory & );
+
+    static CryptoBackendFactory * mSelf;
+  };
+
+
+}
+
+#endif // __KLEO_CRYPTOBACKENDFACTORY_H__
diff --git a/certmanager/lib/kleo/cryptoconfig.h b/certmanager/lib/kleo/cryptoconfig.h
new file mode 100644
index 000000000..da16ca5b5
--- /dev/null
+++ b/certmanager/lib/kleo/cryptoconfig.h
@@ -0,0 +1,387 @@
+/*
+    cryptoconfig.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef CRYPTOCONFIG_H
+#define CRYPTOCONFIG_H
+
+#ifdef __cplusplus
+/* we read this file from a C compiler, and are only interested in the
+ * enums... */
+
+#include <kurl.h>
+
+/* Start reading this file from the bottom up :) */
+
+namespace Kleo {
+
+  /**
+   * Description of a single option
+   */
+  class CryptoConfigEntry {
+
+  public:
+#endif /* __cplusplus */
+    /**
+       @li basic	This option should always be offered to the user.
+       @li advanced	This option may be offered to advanced users.
+       @li expert	This option should only be offered to expert users.
+       */
+    enum Level { Level_Basic = 0,
+                 Level_Advanced = 1,
+                 Level_Expert = 2 };
+
+    /**
+       Type of the argument
+       @li ArgType_None	The option is set or not set, but no argument.
+       @li ArgType_String	An unformatted string.
+       @li ArgType_Int		A signed integer number.
+       @li ArgType_UInt	An unsigned integer number.
+       @li ArgType_Path	A string that describes the pathname of a file.
+       The file does not necessarily need to exist.
+       Separated from string so that e.g. a KURLRequester can be used.
+       @li ArgType_DirPath	A string that describes the pathname of a directory.
+       The directory does not necessarily need to exist.
+       Separated from path so that e.g. a KURLRequester can be used which only
+       allows directories to be selected.
+       @li ArgType_URL		A URL
+       @li ArgType_LDAPURL	A LDAP URL
+       Separated from URL so that a more specific widget can be shown, hiding the url syntax
+    */
+    enum ArgType { ArgType_None = 0,
+                   ArgType_String = 1,
+                   ArgType_Int = 2,
+                   ArgType_UInt = 3,
+                   ArgType_Path = 4,
+                   ArgType_URL = 5,
+                   ArgType_LDAPURL = 6,
+                   ArgType_DirPath = 7 };
+
+#ifdef __cplusplus
+    virtual ~CryptoConfigEntry() {}
+
+    /**
+     * Return the internal name of this entry
+     */
+    virtual QString name() const = 0;
+
+    /**
+     * @return user-visible description of this entry
+     */
+    virtual QString description() const = 0;
+
+    /**
+     * @return true if the argument is optional
+     */
+    virtual bool isOptional() const = 0;
+
+    /**
+     * @return true if the entry is readonly
+     */
+    virtual bool isReadOnly() const = 0;
+
+    /**
+     * @return true if the argument can be given multiple times
+     */
+    virtual bool isList() const = 0;
+
+    /**
+     * @return true if the argument can be changed at runtime
+     */
+    virtual bool isRuntime() const = 0;
+
+    /**
+     * User level
+     */
+    virtual Level level() const = 0;
+
+    /**
+     * Argument type
+     */
+    virtual ArgType argType() const = 0;
+
+    /**
+     * Return true if the option is set, i.e. different from default
+     */
+    virtual bool isSet() const = 0;
+
+    /**
+     * Return value as a bool (only allowed for ArgType_None)
+     */
+    virtual bool boolValue() const = 0;
+
+    /**
+     * Return value as a string (available for all argtypes)
+     * The returned string can be empty (explicitely set to empty) or null (not set).
+     */
+    virtual QString stringValue() const = 0;
+
+    /**
+     * Return value as a signed int
+     */
+    virtual int intValue() const = 0;
+
+    /**
+     * Return value as an unsigned int
+     */
+    virtual unsigned int uintValue() const = 0;
+
+    /**
+     * Return value as a URL (only meaningful for Path and URL argtypes)
+     */
+    virtual KURL urlValue() const = 0;
+
+    /**
+     * Return number of times the option is set (only valid for ArgType_None, if isList())
+     */
+    virtual unsigned int numberOfTimesSet() const = 0;
+
+    /**
+     * Return value as a list of strings (mostly meaningful for String, Path and URL argtypes, if isList())
+     */
+    virtual QStringList stringValueList() const = 0;
+
+    /**
+     * Return value as a list of signed ints
+     */
+    virtual QValueList<int> intValueList() const = 0;
+
+    /**
+     * Return value as a list of unsigned ints
+     */
+    virtual QValueList<unsigned int> uintValueList() const = 0;
+
+    /**
+     * Return value as a list of URLs (only meaningful for Path and URL argtypes, if isList())
+     */
+    virtual KURL::List urlValueList() const = 0;
+
+    /**
+     * Reset an option to its default value
+     */
+    virtual void resetToDefault() = 0;
+
+    /**
+     * Define whether the option is set or not (only allowed for ArgType_None)
+     * #### TODO: and for options with optional args
+     */
+    virtual void setBoolValue( bool ) = 0;
+
+    /**
+     * Set string value (allowed for all argtypes)
+     */
+    virtual void setStringValue( const QString& ) = 0;
+
+    /**
+     * Set a new signed int value
+     */
+    virtual void setIntValue( int ) = 0;
+
+    /**
+     * Set a new unsigned int value
+     */
+    virtual void setUIntValue( unsigned int ) = 0;
+
+    /**
+     * Set value as a URL (only meaningful for Path (if local) and URL argtypes)
+     */
+    virtual void setURLValue( const KURL& ) = 0;
+
+    /**
+     * Set the number of times the option is set (only valid for ArgType_None, if isList())
+     */
+    virtual void setNumberOfTimesSet( unsigned int ) = 0;
+
+    /**
+     * Set a new string-list value (only allowed for String, Path and URL argtypes, if isList())
+     */
+    virtual void setStringValueList( const QStringList& ) = 0;
+
+    /**
+     * Set a new list of signed int values
+     */
+    virtual void setIntValueList( const QValueList<int>& ) = 0;
+
+    /**
+     * Set a new list of unsigned int values
+     */
+    virtual void setUIntValueList( const QValueList<unsigned int>& ) = 0;
+
+    /**
+     * Set value as a URL list (only meaningful for Path (if all URLs are local) and URL argtypes, if isList())
+     */
+    virtual void setURLValueList( const KURL::List& ) = 0;
+
+    /**
+     * @return true if the value was changed
+     */
+    virtual bool isDirty() const = 0;
+  };
+
+  /**
+   * Group containing a set of config options
+   */
+  class CryptoConfigGroup {
+
+  public:
+    virtual ~CryptoConfigGroup() {}
+
+    /**
+     * Return the internal name of this group
+     */
+    virtual QString name() const = 0;
+
+    /**
+     * Return the name of the icon for this group
+     */
+    virtual QString iconName() const = 0;
+
+    /**
+     * @return user-visible description of this group
+     */
+    virtual QString description() const = 0;
+
+    /**
+     * User level
+     */
+    virtual CryptoConfigEntry::Level level() const = 0;
+
+    /**
+     * Returns the list of entries that are known by this group.
+     *
+     * @return list of group entry names.
+     **/
+    virtual QStringList entryList() const = 0;
+
+    /**
+     * @return the configuration object for a given entry in this group
+     * The object is owned by CryptoConfigGroup, don't delete it.
+     * Groups cannot be nested, so all entries returned here are pure entries, no groups.
+     */
+    virtual CryptoConfigEntry* entry( const QString& name ) const = 0;
+  };
+
+  /**
+   * Crypto config for one component (e.g. gpg-agent, dirmngr etc.)
+   */
+  class CryptoConfigComponent {
+
+  public:
+    virtual ~CryptoConfigComponent() {}
+
+    /**
+     * Return the internal name of this component
+     */
+    virtual QString name() const = 0;
+
+    /**
+     * Return the name of the icon for this component
+     */
+    virtual QString iconName() const = 0;
+
+    /**
+     * Return user-visible description of this component
+     */
+    virtual QString description() const = 0;
+
+    /**
+     * Returns the list of groups that are known about.
+     *
+     * @return list of group names. One of them can be "<nogroup>", which is the group where all
+     * "toplevel" options (belonging to no group) are.
+     */
+    virtual QStringList groupList() const = 0;
+
+    /**
+     * @return the configuration object for a given group
+     * The object is owned by CryptoConfigComponent, don't delete it.
+     */
+    virtual CryptoConfigGroup* group( const QString& name ) const = 0;
+
+  };
+
+  /**
+   * Main interface to crypto configuration.
+   */
+  class CryptoConfig {
+
+  public:
+    virtual ~CryptoConfig() {}
+
+    /**
+     * Returns the list of known components (e.g. "gpg-agent", "dirmngr" etc.).
+     * Use @ref component() to retrieve more information about each one.
+     * @return list of component names.
+     **/
+    virtual QStringList componentList() const = 0;
+
+    /**
+     * @return the configuration object for a given component
+     * The object is owned by CryptoConfig, don't delete it.
+     */
+    virtual CryptoConfigComponent* component( const QString& name ) const = 0;
+
+    /**
+     * Convenience method to get hold of a single configuration entry when
+     * its component, group and name are known. This can be used to read
+     * the value and/or to set a value to it.
+     *
+     * @return the configuration object for a single configuration entry, 0 if not found.
+     * The object is owned by CryptoConfig, don't delete it.
+     */
+    CryptoConfigEntry* entry( const QString& componentName, const QString& groupName, const QString& entryName ) const {
+      const Kleo::CryptoConfigComponent* comp = component( componentName );
+      const Kleo::CryptoConfigGroup* group = comp ? comp->group( groupName ) : 0;
+      return group ? group->entry( entryName ) : 0;
+    }
+
+    /**
+     * Write back changes
+     *
+     * @param runtime If this option is set, the changes will take effect at run-time, as
+     * far as this is possible.  Otherwise, they will take effect at the next
+     * start of the respective backend programs.
+     */
+    virtual void sync( bool runtime ) = 0;
+
+    /**
+     * Tells the CryptoConfig to discard any cached information, including
+     * all components, groups and entries.
+     * Call this to free some memory when you won't be using the object
+     * for some time.
+     * DON'T call this if you're holding pointers to components, groups or entries.
+     */
+    virtual void clear() = 0;
+  };
+
+}
+#endif /* __cplusplus */
+#endif /* CRYPTOCONFIG_H */
diff --git a/certmanager/lib/kleo/decryptjob.h b/certmanager/lib/kleo/decryptjob.h
new file mode 100644
index 000000000..e882152a0
--- /dev/null
+++ b/certmanager/lib/kleo/decryptjob.h
@@ -0,0 +1,84 @@
+/*
+    decryptjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_DECRYPTJOB_H__
+#define __KLEO_DECRYPTJOB_H__
+
+#include "job.h"
+
+#include <qcstring.h>
+
+namespace GpgME {
+  class Error;
+  class Key;
+  class DecryptionResult;
+}
+
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous decrypters
+
+     To use a DecryptJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the decryption with a
+     call to start(). This call might fail, in which case the
+     DecryptJob instance will have scheduled it's own destruction with
+     a call to QObject::deleteLater().
+
+     After result() is emitted, the DecryptJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class DecryptJob : public Job {
+    Q_OBJECT
+  protected:
+    DecryptJob( QObject * parent, const char * name );
+  public:
+    ~DecryptJob();
+
+    /**
+       Starts the decryption operation. \a cipherText is the data to
+       decrypt.
+    */
+    virtual GpgME::Error start( const QByteArray & cipherText ) = 0;
+
+    virtual GpgME::DecryptionResult exec( const QByteArray & cipherText,
+					  QByteArray & plainText ) = 0;
+
+  signals:
+    void result( const GpgME::DecryptionResult & result, const QByteArray & plainText );
+  };
+
+}
+
+#endif // __KLEO_DECRYPTJOB_H__
diff --git a/certmanager/lib/kleo/decryptverifyjob.h b/certmanager/lib/kleo/decryptverifyjob.h
new file mode 100644
index 000000000..f7cdb81a1
--- /dev/null
+++ b/certmanager/lib/kleo/decryptverifyjob.h
@@ -0,0 +1,90 @@
+/*
+    decryptverifyjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_DECRYPTVERIFYJOB_H__
+#define __KLEO_DECRYPTVERIFYJOB_H__
+
+#include "job.h"
+
+#include <qcstring.h>
+
+#include <utility>
+
+namespace GpgME {
+  class Error;
+  class Key;
+  class DecryptionResult;
+  class VerificationResult;
+}
+
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous combined decrypters and verifiers
+
+     To use a DecryptVerifyJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the operation with a
+     call to start(). This call might fail, in which case the
+     DecryptVerifyJob instance will have scheduled it's own destruction with
+     a call to QObject::deleteLater().
+
+     After result() is emitted, the DecryptVerifyJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class DecryptVerifyJob : public Job {
+    Q_OBJECT
+  protected:
+    DecryptVerifyJob( QObject * parent, const char * name );
+  public:
+    ~DecryptVerifyJob();
+
+    /**
+       Starts the combined decryption and verification operation.
+       \a cipherText is the data to decrypt and later verify.
+    */
+    virtual GpgME::Error start( const QByteArray & cipherText ) = 0;
+
+    /** Synchronous equivalent of start() */
+    virtual std::pair<GpgME::DecryptionResult,GpgME::VerificationResult>
+      exec( const QByteArray & cipherText, QByteArray & plainText ) = 0;
+
+  signals:
+    void result( const GpgME::DecryptionResult & decryptionresult,
+		 const GpgME::VerificationResult & verificationresult,
+		 const QByteArray & plainText );
+  };
+
+}
+
+#endif // __KLEO_DECRYPTVERIFYJOB_H__
diff --git a/certmanager/lib/kleo/deletejob.h b/certmanager/lib/kleo/deletejob.h
new file mode 100644
index 000000000..fd70ec513
--- /dev/null
+++ b/certmanager/lib/kleo/deletejob.h
@@ -0,0 +1,78 @@
+/*
+    deletejob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_DELETEJOB_H__
+#define __KLEO_DELETEJOB_H__
+
+#include "job.h"
+
+namespace GpgME {
+  class Error;
+  class Key;
+}
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous deleters
+
+     To use a DeleteJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the delete with a call
+     to start(). This call might fail, in which case the DeleteJob
+     instance will have scheduled it's own destruction with a call to
+     QObject::deleteLater().
+
+     After result() is emitted, the DeleteJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class DeleteJob : public Job {
+    Q_OBJECT
+  protected:
+    DeleteJob( QObject * parent, const char * name );
+  public:
+    ~DeleteJob();
+
+    /**
+       Starts the delete operation. \a key represents the key to
+       delete, \a allowSecretKeyDeletion specifies if a key may also
+       be deleted if the secret key part is available, too.
+    */
+    virtual GpgME::Error start( const GpgME::Key & key, bool allowSecretKeyDeletion=false ) = 0;
+
+  signals:
+    void result( const GpgME::Error & result );
+  };
+
+}
+
+#endif // __KLEO_DELETEJOB_H__
diff --git a/certmanager/lib/kleo/dn.cpp b/certmanager/lib/kleo/dn.cpp
new file mode 100644
index 000000000..9ba2209fb
--- /dev/null
+++ b/certmanager/lib/kleo/dn.cpp
@@ -0,0 +1,538 @@
+/*
+    dn.cpp
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    DN parsing:
+    Copyright (c) 2002 g10 Code GmbH
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#include "dn.h"
+
+#include "oidmap.h"
+#include "ui/dnattributeorderconfigwidget.h"
+
+#include <kapplication.h>
+#include <kconfig.h>
+#include <klocale.h>
+
+#include <qstringlist.h>
+#include <qvaluevector.h>
+
+#include <iostream>
+#include <iterator>
+#include <algorithm>
+#include <map>
+
+#include <string.h>
+#include <ctype.h>
+#include <stdlib.h>
+
+struct Kleo::DN::Private {
+  Private() : mRefCount( 0 ) {}
+  Private( const Private & other )
+    : attributes( other.attributes ),
+      reorderedAttributes( other.reorderedAttributes ),
+      mRefCount( 0 )
+  {
+
+  }
+
+  int ref() {
+    return ++mRefCount;
+  }
+
+  int unref() {
+    if ( --mRefCount <= 0 ) {
+      delete this;
+      return 0;
+    } else
+      return mRefCount;
+  }
+
+  int refCount() const { return mRefCount; }
+
+  DN::Attribute::List attributes;
+  DN::Attribute::List reorderedAttributes;
+private:
+  int mRefCount;
+};
+
+namespace {
+  struct DnPair {
+    char * key;
+    char * value;
+  };
+}
+
+// copied from CryptPlug and adapted to work on DN::Attribute::List:
+
+#define digitp(p)   (*(p) >= '0' && *(p) <= '9')
+#define hexdigitp(a) (digitp (a)                     \
+                      || (*(a) >= 'A' && *(a) <= 'F')  \
+                      || (*(a) >= 'a' && *(a) <= 'f'))
+#define xtoi_1(p)   (*(p) <= '9'? (*(p)- '0'): \
+                     *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
+#define xtoi_2(p)   ((xtoi_1(p) * 16) + xtoi_1((p)+1))
+
+static char *
+trim_trailing_spaces( char *string )
+{
+    char *p, *mark;
+
+    for( mark = NULL, p = string; *p; p++ ) {
+	if( isspace( *p ) ) {
+	    if( !mark )
+		mark = p;
+	}
+	else
+	    mark = NULL;
+    }
+    if( mark )
+	*mark = '\0' ;
+
+    return string ;
+}
+
+/* Parse a DN and return an array-ized one.  This is not a validating
+   parser and it does not support any old-stylish syntax; gpgme is
+   expected to return only rfc2253 compatible strings. */
+static const unsigned char *
+parse_dn_part (DnPair *array, const unsigned char *string)
+{
+  const unsigned char *s, *s1;
+  size_t n;
+  char *p;
+
+  /* parse attributeType */
+  for (s = string+1; *s && *s != '='; s++)
+    ;
+  if (!*s)
+    return NULL; /* error */
+  n = s - string;
+  if (!n)
+    return NULL; /* empty key */
+  p = (char*)malloc (n+1);
+  
+  
+  memcpy (p, string, n);
+  p[n] = 0;
+  trim_trailing_spaces ((char*)p);
+  // map OIDs to their names:
+  for ( unsigned int i = 0 ; i < numOidMaps ; ++i )
+    if ( !strcasecmp ((char*)p, oidmap[i].oid) ) {
+      free( p );
+      p = strdup( oidmap[i].name );
+      break;
+    }
+  array->key = p;
+  string = s + 1;
+
+  if (*string == '#')
+    { /* hexstring */
+      string++;
+      for (s=string; hexdigitp (s); s++)
+        s++;
+      n = s - string;
+      if (!n || (n & 1))
+        return NULL; /* empty or odd number of digits */
+      n /= 2;
+      array->value = p = (char*)malloc (n+1);
+      
+      
+      for (s1=string; n; s1 += 2, n--)
+        *p++ = xtoi_2 (s1);
+      *p = 0;
+   }
+  else
+    { /* regular v3 quoted string */
+      for (n=0, s=string; *s; s++)
+        {
+          if (*s == '\\')
+            { /* pair */
+              s++;
+              if (*s == ',' || *s == '=' || *s == '+'
+                  || *s == '<' || *s == '>' || *s == '#' || *s == ';' 
+                  || *s == '\\' || *s == '\"' || *s == ' ')
+                n++;
+              else if (hexdigitp (s) && hexdigitp (s+1))
+                {
+                  s++;
+                  n++;
+                }
+              else
+                return NULL; /* invalid escape sequence */
+            }
+          else if (*s == '\"')
+            return NULL; /* invalid encoding */
+          else if (*s == ',' || *s == '=' || *s == '+'
+                   || *s == '<' || *s == '>' || *s == '#' || *s == ';' )
+            break; 
+          else
+            n++;
+        }
+
+      array->value = p = (char*)malloc (n+1);
+      
+      
+      for (s=string; n; s++, n--)
+        {
+          if (*s == '\\')
+            { 
+              s++;
+              if (hexdigitp (s))
+                {
+                  *p++ = xtoi_2 (s);
+                  s++;
+                }
+              else
+                *p++ = *s;
+            }
+          else
+            *p++ = *s;
+        }
+      *p = 0;
+    }
+  return s;
+}
+
+
+/* Parse a DN and return an array-ized one.  This is not a validating
+   parser and it does not support any old-stylish syntax; gpgme is
+   expected to return only rfc2253 compatible strings. */
+static Kleo::DN::Attribute::List
+parse_dn( const unsigned char * string ) {
+  if ( !string )
+    return QValueVector<Kleo::DN::Attribute>();
+
+  QValueVector<Kleo::DN::Attribute> result;
+  while (*string)
+    {
+      while (*string == ' ')
+        string++;
+      if (!*string)
+        break; /* ready */
+
+      DnPair pair = { 0, 0 };
+      string = parse_dn_part (&pair, string);
+      if (!string)
+	goto failure;
+      if ( pair.key && pair.value )
+	result.push_back( Kleo::DN::Attribute( QString::fromUtf8( pair.key ),
+					       QString::fromUtf8( pair.value ) ) );
+      free( pair.key );
+      free( pair.value );
+
+      while (*string == ' ')
+        string++;
+      if (*string && *string != ',' && *string != ';' && *string != '+')
+        goto failure; /* invalid delimiter */
+      if (*string)
+        string++;
+    }
+  return result;
+
+failure:
+  return QValueVector<Kleo::DN::Attribute>();
+}
+
+static QValueVector<Kleo::DN::Attribute>
+parse_dn( const QString & dn ) {
+  return parse_dn( (const unsigned char*)dn.utf8().data() );
+}
+
+static QString dn_escape( const QString & s ) {
+    QString result;
+    for ( unsigned int i = 0, end = s.length() ; i != end ; ++i ) {
+        const QChar ch = s[i];
+        switch ( ch.unicode() ) {
+        case ',':
+        case '+':
+        case '"':
+        case '\\':
+        case '<':
+        case '>':
+        case ';':
+            result += '\\';
+            // fall through
+        default:
+            result += ch;
+        }
+    }
+    return result;
+}
+
+static QString
+serialise( const QValueVector<Kleo::DN::Attribute> & dn ) {
+  QStringList result;
+  for ( QValueVector<Kleo::DN::Attribute>::const_iterator it = dn.begin() ; it != dn.end() ; ++it )
+    if ( !(*it).name().isEmpty() && !(*it).value().isEmpty() )
+      result.push_back( (*it).name().stripWhiteSpace() + '=' + dn_escape( (*it).value().stripWhiteSpace() ) );
+  return result.join( "," );
+}
+
+static Kleo::DN::Attribute::List
+reorder_dn( const Kleo::DN::Attribute::List & dn ) {
+  const QStringList & attrOrder = Kleo::DNAttributeMapper::instance()->attributeOrder();
+
+  Kleo::DN::Attribute::List unknownEntries;
+  Kleo::DN::Attribute::List result;
+  unknownEntries.reserve( dn.size() );
+  result.reserve( dn.size() );
+
+  // find all unknown entries in their order of appearance
+  for ( Kleo::DN::const_iterator it = dn.begin(); it != dn.end(); ++it )
+    if ( attrOrder.find( (*it).name() ) == attrOrder.end() )
+      unknownEntries.push_back( *it );
+
+  // process the known attrs in the desired order
+  for ( QStringList::const_iterator oit = attrOrder.begin() ; oit != attrOrder.end() ; ++oit )
+    if ( *oit == "_X_" ) {
+      // insert the unknown attrs
+      std::copy( unknownEntries.begin(), unknownEntries.end(),
+		 std::back_inserter( result ) );
+      unknownEntries.clear(); // don't produce dup's
+    } else {
+      for ( Kleo::DN::const_iterator dnit = dn.begin() ; dnit != dn.end() ; ++dnit )
+	if ( (*dnit).name() == *oit )
+	  result.push_back( *dnit );
+    }
+  
+  return result;
+}
+
+//
+//
+// class DN
+//
+//
+
+Kleo::DN::DN() {
+  d = new Private();
+  d->ref();
+}
+
+Kleo::DN::DN( const QString & dn ) {
+  d = new Private();
+  d->ref();
+  d->attributes = parse_dn( dn );
+}
+
+Kleo::DN::DN( const char * utf8DN ) {
+  d = new Private();
+  d->ref();
+  if ( utf8DN )
+    d->attributes = parse_dn( (const unsigned char*)utf8DN );
+}
+
+Kleo::DN::DN( const DN & other )
+  : d( other.d )
+{
+  if ( d ) d->ref();
+}
+
+Kleo::DN::~DN() {
+  if ( d ) d->unref();
+}
+
+const Kleo::DN & Kleo::DN::operator=( const DN & that ) {
+  if ( this->d == that.d )
+    return *this;
+
+  if ( that.d )
+    that.d->ref();
+  if ( this->d )
+    this->d->unref();
+
+  this->d = that.d;
+
+  return *this;
+}
+
+QString Kleo::DN::prettyDN() const {
+  if ( !d )
+    return QString::null;
+  if ( d->reorderedAttributes.empty() )
+    d->reorderedAttributes = reorder_dn( d->attributes );
+  return serialise( d->reorderedAttributes );
+}
+
+QString Kleo::DN::dn() const {
+  return d ? serialise( d->attributes ) : QString::null ;
+}
+
+// static
+QString Kleo::DN::escape( const QString & value ) {
+    return dn_escape( value );
+}
+
+void Kleo::DN::detach() {
+  if ( !d ) {
+    d = new Kleo::DN::Private();
+    d->ref();
+  } else if ( d->refCount() > 1 ) {
+    Kleo::DN::Private * d_save = d;
+    d = new Kleo::DN::Private( *d );
+    d->ref();
+    d_save->unref();
+  }
+}
+
+void Kleo::DN::append( const Attribute & attr ) {
+  detach();
+  d->attributes.push_back( attr );
+  d->reorderedAttributes.clear();
+}
+
+QString Kleo::DN::operator[]( const QString & attr ) const {
+  if ( !d )
+    return QString::null;
+  const QString attrUpper = attr.upper();
+  for ( QValueVector<Attribute>::const_iterator it = d->attributes.begin() ;
+	it != d->attributes.end() ; ++it )
+    if ( (*it).name() == attrUpper )
+      return (*it).value();
+  return QString::null;
+}
+
+static QValueVector<Kleo::DN::Attribute> empty;
+
+Kleo::DN::const_iterator Kleo::DN::begin() const {
+  return d ? d->attributes.begin() : empty.begin() ;
+}
+
+Kleo::DN::const_iterator Kleo::DN::end() const {
+  return d ? d->attributes.end() : empty.end() ;
+}
+
+
+/////////////////////
+
+namespace {
+  struct ltstr {
+    bool operator()( const char * s1, const char * s2 ) const {
+      return qstrcmp( s1, s2 ) < 0 ;
+    }
+  };
+}
+
+static const char * defaultOrder[] = {
+  "CN", "L", "_X_", "OU", "O", "C"
+};
+
+std::pair<const char*,const char*> attributeLabels[] = {
+#define MAKE_PAIR(x,y) std::pair<const char*,const char*>( x, y )
+  MAKE_PAIR( "CN", I18N_NOOP("Common name") ),
+  MAKE_PAIR( "SN", I18N_NOOP("Surname") ),
+  MAKE_PAIR( "GN", I18N_NOOP("Given name") ),
+  MAKE_PAIR( "L",  I18N_NOOP("Location") ),
+  MAKE_PAIR( "T",  I18N_NOOP("Title") ),
+  MAKE_PAIR( "OU", I18N_NOOP("Organizational unit") ),
+  MAKE_PAIR( "O",  I18N_NOOP("Organization") ),
+  MAKE_PAIR( "PC", I18N_NOOP("Postal code") ),
+  MAKE_PAIR( "C",  I18N_NOOP("Country code") ),
+  MAKE_PAIR( "SP", I18N_NOOP("State or province") ),
+  MAKE_PAIR( "DC", I18N_NOOP("Domain component") ),
+  MAKE_PAIR( "BC", I18N_NOOP("Business category") ),
+  MAKE_PAIR( "EMAIL", I18N_NOOP("Email address") ),
+  MAKE_PAIR( "MAIL", I18N_NOOP("Mail address") ),
+  MAKE_PAIR( "MOBILE", I18N_NOOP("Mobile phone number") ),
+  MAKE_PAIR( "TEL", I18N_NOOP("Telephone number") ),
+  MAKE_PAIR( "FAX", I18N_NOOP("Fax number") ),
+  MAKE_PAIR( "STREET", I18N_NOOP("Street address") ),
+  MAKE_PAIR( "UID", I18N_NOOP("Unique ID") )
+#undef MAKE_PAIR
+};
+static const unsigned int numAttributeLabels = sizeof attributeLabels / sizeof *attributeLabels ;
+
+class Kleo::DNAttributeMapper::Private {
+public:
+  Private();
+  std::map<const char*,const char*,ltstr> map;
+  QStringList attributeOrder;
+};
+
+Kleo::DNAttributeMapper::Private::Private()
+  : map( attributeLabels, attributeLabels + numAttributeLabels ) {}
+
+Kleo::DNAttributeMapper::DNAttributeMapper() {
+  d = new Private();
+  const KConfigGroup config( kapp->config(), "DN" );
+  d->attributeOrder = config.readListEntry( "AttributeOrder" );
+  if ( d->attributeOrder.empty() )
+    std::copy( defaultOrder, defaultOrder + sizeof defaultOrder / sizeof *defaultOrder,
+	       std::back_inserter( d->attributeOrder ) );
+  mSelf = this;
+}
+
+Kleo::DNAttributeMapper::~DNAttributeMapper() {
+  mSelf = 0;
+  delete d; d = 0;
+}
+
+Kleo::DNAttributeMapper * Kleo::DNAttributeMapper::mSelf = 0;
+
+const Kleo::DNAttributeMapper * Kleo::DNAttributeMapper::instance() {
+  if ( !mSelf )
+    (void)new DNAttributeMapper();
+  return mSelf;
+}
+
+QString Kleo::DNAttributeMapper::name2label( const QString & s ) const {
+  const std::map<const char*,const char*,ltstr>::const_iterator it
+    = d->map.find( s.stripWhiteSpace().upper().latin1() );
+  if ( it == d->map.end() )
+    return QString::null;
+  return i18n( it->second );
+}
+
+QStringList Kleo::DNAttributeMapper::names() const {
+  QStringList result;
+  for ( std::map<const char*,const char*,ltstr>::const_iterator it = d->map.begin() ; it != d->map.end() ; ++it )
+    result.push_back( it->first );
+  return result;
+}
+
+const QStringList & Kleo::DNAttributeMapper::attributeOrder() const {
+  return d->attributeOrder;
+}
+
+void Kleo::DNAttributeMapper::setAttributeOrder( const QStringList & order ) {
+  d->attributeOrder = order;
+  if ( order.empty() )
+    std::copy( defaultOrder, defaultOrder + sizeof defaultOrder / sizeof *defaultOrder,
+	       std::back_inserter( d->attributeOrder ) );
+  KConfigGroup config( kapp->config(), "DN" );
+  config.writeEntry( "AttributeOrder", order );
+}
+
+Kleo::DNAttributeOrderConfigWidget * Kleo::DNAttributeMapper::configWidget( QWidget * parent, const char * name ) const {
+  return new DNAttributeOrderConfigWidget( mSelf, parent, name );
+}
diff --git a/certmanager/lib/kleo/dn.h b/certmanager/lib/kleo/dn.h
new file mode 100644
index 000000000..12bf9dc03
--- /dev/null
+++ b/certmanager/lib/kleo/dn.h
@@ -0,0 +1,142 @@
+/*
+    dn.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_DN_H__
+#define __KLEO_DN_H__
+
+#include <qstring.h>
+#include <qvaluevector.h>
+#include <kdepimmacros.h>
+
+class QStringList;
+class QWidget;
+
+namespace Kleo {
+  class DNAttributeOrderConfigWidget;
+}
+
+namespace Kleo {
+
+  /**
+     @short DN Attribute mapper
+  */
+  class KDE_EXPORT DNAttributeMapper {
+    DNAttributeMapper();
+    ~DNAttributeMapper();
+  public:
+    static const DNAttributeMapper * instance();
+
+    QString name2label( const QString & s ) const;
+    QStringList names() const;
+
+    const QStringList & attributeOrder() const;
+
+    void setAttributeOrder( const QStringList & order );
+
+    DNAttributeOrderConfigWidget * configWidget( QWidget * parent=0, const char * name=0 ) const;
+
+  private:
+    class Private;
+    Private * d;
+    static DNAttributeMapper * mSelf;
+  };
+
+  /**
+     @short DN parser and reorderer
+  */
+  class KDE_EXPORT DN  {
+  public:
+    class Attribute;
+    typedef QValueVector<Attribute> AttributeList;
+    typedef AttributeList::const_iterator const_iterator;
+
+    DN();
+    DN( const QString & dn );
+    DN( const char * utf8DN );
+    DN( const DN & other );
+    ~DN();
+
+    const DN & operator=( const DN & other );
+
+    /** @return the value in rfc-2253-escaped form */
+    static QString escape( const QString & value );
+
+    /** @return the DN in a reordered form, according to the settings in
+	the [DN] group of the application's config file */
+    QString prettyDN() const;
+    /** @return the DN in the original form */
+    QString dn() const;
+
+    QString operator[]( const QString & attr ) const;
+
+    void append( const Attribute & attr );
+
+    const_iterator begin() const;
+    const_iterator end() const;
+
+  private:
+    void detach();
+  private:
+    class Private;
+    Private * d;
+  };
+
+  class KDE_EXPORT DN::Attribute {
+  public:
+    typedef DN::AttributeList List;
+
+    Attribute( const QString & name=QString::null, const QString & value=QString::null )
+      : mName( name.upper() ), mValue( value ) {}
+    Attribute( const Attribute & other )
+      : mName( other.name() ), mValue( other.value() ) {}
+
+    const Attribute & operator=( const Attribute & other ) {
+      if ( this != &other ) {
+	mName = other.name();
+	mValue = other.value();
+      }
+      return *this;
+    }
+
+    const QString & name() const { return mName; }
+    const QString & value() const { return mValue; }
+
+    void setValue( const QString & value ) { mValue = value; }
+    
+  private:
+    QString mName;
+    QString mValue;
+  };
+
+}
+
+#endif // __KLEO_DN_H__
diff --git a/certmanager/lib/kleo/downloadjob.h b/certmanager/lib/kleo/downloadjob.h
new file mode 100644
index 000000000..006ab8ebd
--- /dev/null
+++ b/certmanager/lib/kleo/downloadjob.h
@@ -0,0 +1,83 @@
+/*
+    downloadjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_DOWNLOADJOB_H__
+#define __KLEO_DOWNLOADJOB_H__
+
+#include "job.h"
+
+#include <qcstring.h>
+
+namespace GpgME {
+  class Error;
+}
+
+class QStringList;
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous downloaders
+
+     To use a DownloadJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the download with a call
+     to start(). This call might fail, in which case the DownloadJob
+     instance will have scheduled it's own destruction with a call to
+     QObject::deleteLater().
+
+     After result() is emitted, the DownloadJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class DownloadJob : public Job {
+    Q_OBJECT
+  protected:
+    DownloadJob( QObject * parent, const char * name );
+  public:
+    ~DownloadJob();
+
+    /**
+       Starts the download operation. \a fingerprints is a list of
+       fingerprints used to specify the list of keys downloaded. Empty
+       patterns are ignored. If \a fingerprints is empty, contains
+       only empty strings or anything other than fingerprints, the
+       result is undefined.
+    */
+    virtual GpgME::Error start( const QStringList & fingerprints ) = 0;
+
+  signals:
+    void result( const GpgME::Error & result, const QByteArray & keyData );
+  };
+
+}
+
+#endif // __KLEO_DOWNLOADJOB_H__
diff --git a/certmanager/lib/kleo/encryptjob.h b/certmanager/lib/kleo/encryptjob.h
new file mode 100644
index 000000000..02144656f
--- /dev/null
+++ b/certmanager/lib/kleo/encryptjob.h
@@ -0,0 +1,92 @@
+/*
+    encryptjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_ENCRYPTJOB_H__
+#define __KLEO_ENCRYPTJOB_H__
+
+#include "job.h"
+
+#include <qcstring.h>
+
+#include <vector>
+
+namespace GpgME {
+  class Error;
+  class Key;
+  class EncryptionResult;
+}
+
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous encrypters
+
+     To use a EncryptJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the encryption with a
+     call to start(). This call might fail, in which case the
+     EncryptJob instance will have scheduled it's own destruction with
+     a call to QObject::deleteLater().
+
+     After result() is emitted, the EncryptJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class EncryptJob : public Job {
+    Q_OBJECT
+  protected:
+    EncryptJob( QObject * parent, const char * name );
+  public:
+    ~EncryptJob();
+
+    /**
+       Starts the encryption operation. \a recipients is the a list of
+       keys to encrypt \a plainText to. Empty (null) keys are ignored.
+
+       If \a alwaysTrust is true, validity checking for the keys will
+       not be performed, but full validity assumed for all keys
+       without further checks.
+    */
+    virtual GpgME::Error start( const std::vector<GpgME::Key> & recipients,
+				const QByteArray & plainText, bool alwaysTrust=false ) = 0;
+
+    virtual GpgME::EncryptionResult exec( const std::vector<GpgME::Key> & recipients,
+					  const QByteArray & plainText,
+					  bool alwaysTrust, QByteArray & cipherText ) = 0;
+
+  signals:
+    void result( const GpgME::EncryptionResult & result, const QByteArray & cipherText );
+  };
+
+}
+
+#endif // __KLEO_ENCRYPTJOB_H__
diff --git a/certmanager/lib/kleo/enum.cpp b/certmanager/lib/kleo/enum.cpp
new file mode 100644
index 000000000..efa4cfaa3
--- /dev/null
+++ b/certmanager/lib/kleo/enum.cpp
@@ -0,0 +1,206 @@
+/*
+    kleo/enum.cpp
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#include "enum.h"
+
+#include <klocale.h>
+
+#include <qstring.h>
+#include <qstringlist.h>
+
+static const struct {
+  Kleo::CryptoMessageFormat format;
+  const char * displayName;
+  const char * configName;
+} cryptoMessageFormats[] = {
+  { Kleo::InlineOpenPGPFormat,
+    I18N_NOOP("Inline OpenPGP (deprecated)"),
+    "inline openpgp" },
+  { Kleo::OpenPGPMIMEFormat,
+    I18N_NOOP("OpenPGP/MIME"),
+    "openpgp/mime" },
+  { Kleo::SMIMEFormat,
+    I18N_NOOP("S/MIME"),
+    "s/mime" },
+  { Kleo::SMIMEOpaqueFormat,
+    I18N_NOOP("S/MIME Opaque"),
+    "s/mime opaque" },
+};
+static const unsigned int numCryptoMessageFormats
+  = sizeof cryptoMessageFormats / sizeof *cryptoMessageFormats ;
+
+const char * Kleo::cryptoMessageFormatToString( Kleo::CryptoMessageFormat f ) {
+  if ( f == AutoFormat )
+    return "auto";
+  for ( unsigned int i = 0 ; i < numCryptoMessageFormats ; ++i )
+    if ( f == cryptoMessageFormats[i].format )
+      return cryptoMessageFormats[i].configName;
+  return 0;
+}
+
+QStringList Kleo::cryptoMessageFormatsToStringList( unsigned int f ) {
+  QStringList result;
+  for ( unsigned int i = 0 ; i < numCryptoMessageFormats ; ++i )
+    if ( f & cryptoMessageFormats[i].format )
+      result.push_back( cryptoMessageFormats[i].configName );
+  return result;
+}
+
+QString Kleo::cryptoMessageFormatToLabel( Kleo::CryptoMessageFormat f ) {
+  if ( f == AutoFormat )
+    return i18n("Any");
+  for ( unsigned int i = 0 ; i < numCryptoMessageFormats ; ++i )
+    if ( f == cryptoMessageFormats[i].format )
+      return i18n( cryptoMessageFormats[i].displayName );
+  return QString::null;
+}
+
+Kleo::CryptoMessageFormat Kleo::stringToCryptoMessageFormat( const QString & s ) {
+  const QString t = s.lower();
+  for ( unsigned int i = 0 ; i < numCryptoMessageFormats ; ++i )
+    if ( t == cryptoMessageFormats[i].configName )
+      return cryptoMessageFormats[i].format;
+  return AutoFormat;
+}
+
+unsigned int Kleo::stringListToCryptoMessageFormats( const QStringList & sl ) {
+  unsigned int result = 0;
+  for ( QStringList::const_iterator it = sl.begin() ; it != sl.end() ; ++it )
+    result |= stringToCryptoMessageFormat( *it );
+  return result;
+}
+
+// For the config values used below, see also kaddressbook/editors/cryptowidget.cpp
+
+const char* Kleo::encryptionPreferenceToString( EncryptionPreference pref )
+{
+  switch( pref ) {
+  case UnknownPreference:
+    return 0;
+  case NeverEncrypt:
+    return "never";
+  case AlwaysEncrypt:
+    return "always";
+  case AlwaysEncryptIfPossible:
+    return "alwaysIfPossible";
+  case AlwaysAskForEncryption:
+    return "askAlways";
+  case AskWheneverPossible:
+    return "askWhenPossible";
+  }
+  return 0; // keep the compiler happy
+}
+
+Kleo::EncryptionPreference Kleo::stringToEncryptionPreference( const QString& str )
+{
+  if ( str == "never" )
+    return NeverEncrypt;
+  if ( str == "always" )
+    return AlwaysEncrypt;
+  if ( str == "alwaysIfPossible" )
+    return AlwaysEncryptIfPossible;
+  if ( str == "askAlways" )
+    return AlwaysAskForEncryption;
+  if ( str == "askWhenPossible" )
+    return AskWheneverPossible;
+  return UnknownPreference;
+}
+
+QString Kleo::encryptionPreferenceToLabel( EncryptionPreference pref )
+{
+  switch( pref ) {
+  case NeverEncrypt:
+    return i18n( "Never Encrypt" );
+  case AlwaysEncrypt:
+    return i18n( "Always Encrypt" );
+  case AlwaysEncryptIfPossible:
+    return i18n( "Always Encrypt If Possible" );
+  case AlwaysAskForEncryption:
+    return i18n( "Ask" );
+  case AskWheneverPossible:
+    return i18n( "Ask Whenever Possible" );
+  default:
+    return i18n( "no specific preference", "<none>" );
+  }
+}
+
+const char* Kleo::signingPreferenceToString( SigningPreference pref )
+{
+  switch( pref ) {
+  case UnknownSigningPreference:
+    return 0;
+  case NeverSign:
+    return "never";
+  case AlwaysSign:
+    return "always";
+  case AlwaysSignIfPossible:
+    return "alwaysIfPossible";
+  case AlwaysAskForSigning:
+    return "askAlways";
+  case AskSigningWheneverPossible:
+    return "askWhenPossible";
+  }
+  return 0; // keep the compiler happy
+}
+
+Kleo::SigningPreference Kleo::stringToSigningPreference( const QString& str )
+{
+  if ( str == "never" )
+    return NeverSign;
+  if ( str == "always" )
+    return AlwaysSign;
+  if ( str == "alwaysIfPossible" )
+    return AlwaysSignIfPossible;
+  if ( str == "askAlways" )
+    return AlwaysAskForSigning;
+  if ( str == "askWhenPossible" )
+    return AskSigningWheneverPossible;
+  return UnknownSigningPreference;
+}
+
+QString Kleo::signingPreferenceToLabel( SigningPreference pref )
+{
+  switch( pref ) {
+  case NeverSign:
+    return i18n( "Never Sign" );
+  case AlwaysSign:
+    return i18n( "Always Sign" );
+  case AlwaysSignIfPossible:
+    return i18n( "Always Sign If Possible" );
+  case AlwaysAskForSigning:
+    return i18n( "Ask" );
+  case AskSigningWheneverPossible:
+    return i18n( "Ask Whenever Possible" );
+  default:
+    return i18n( "no specific preference", "<none>" );
+  }
+}
diff --git a/certmanager/lib/kleo/enum.h b/certmanager/lib/kleo/enum.h
new file mode 100644
index 000000000..29f8e2a66
--- /dev/null
+++ b/certmanager/lib/kleo/enum.h
@@ -0,0 +1,93 @@
+/*
+    kleo/enum.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_ENUM_H__
+#define __KLEO_ENUM_H__
+
+#include <kdepimmacros.h>
+
+class QString;
+class QStringList;
+
+namespace Kleo {
+
+  enum CryptoMessageFormat {
+    InlineOpenPGPFormat = 1,
+    OpenPGPMIMEFormat = 2,
+    SMIMEFormat = 4,
+    SMIMEOpaqueFormat = 8,
+    AnyOpenPGP = InlineOpenPGPFormat|OpenPGPMIMEFormat,
+    AnySMIME = SMIMEOpaqueFormat|SMIMEFormat,
+    AutoFormat = AnyOpenPGP|AnySMIME
+  };
+
+  KDE_EXPORT QString cryptoMessageFormatToLabel( CryptoMessageFormat f );
+
+  KDE_EXPORT const char * cryptoMessageFormatToString( CryptoMessageFormat f );
+  KDE_EXPORT QStringList cryptoMessageFormatsToStringList( unsigned int f );
+  KDE_EXPORT CryptoMessageFormat stringToCryptoMessageFormat( const QString & s );
+  KDE_EXPORT unsigned int stringListToCryptoMessageFormats( const QStringList & sl );
+
+  enum Action {
+    Conflict, DoIt, DontDoIt, Ask, AskOpportunistic, Impossible
+  };
+
+  enum EncryptionPreference {
+    UnknownPreference = 0,
+    NeverEncrypt = 1,
+    AlwaysEncrypt = 2,
+    AlwaysEncryptIfPossible = 3,
+    AlwaysAskForEncryption = 4,
+    AskWheneverPossible = 5,
+    MaxEncryptionPreference = AskWheneverPossible
+  };
+
+  KDE_EXPORT QString encryptionPreferenceToLabel( EncryptionPreference pref );
+  KDE_EXPORT const char* encryptionPreferenceToString( EncryptionPreference pref );
+  KDE_EXPORT EncryptionPreference stringToEncryptionPreference( const QString& str );
+
+  enum SigningPreference {
+    UnknownSigningPreference = 0,
+    NeverSign = 1,
+    AlwaysSign = 2,
+    AlwaysSignIfPossible = 3,
+    AlwaysAskForSigning = 4,
+    AskSigningWheneverPossible = 5,
+    MaxSigningPreference = AskSigningWheneverPossible
+  };
+
+  KDE_EXPORT QString signingPreferenceToLabel( SigningPreference pref ) KDE_EXPORT;
+  KDE_EXPORT const char* signingPreferenceToString( SigningPreference pref ) KDE_EXPORT;
+  KDE_EXPORT SigningPreference stringToSigningPreference( const QString& str );
+}
+
+#endif // __KLEO_CRYPTOBACKEND_H__
diff --git a/certmanager/lib/kleo/exportjob.h b/certmanager/lib/kleo/exportjob.h
new file mode 100644
index 000000000..d6a0db185
--- /dev/null
+++ b/certmanager/lib/kleo/exportjob.h
@@ -0,0 +1,82 @@
+/*
+    exportjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_EXPORTJOB_H__
+#define __KLEO_EXPORTJOB_H__
+
+#include "job.h"
+
+#include <qcstring.h>
+
+namespace GpgME {
+  class Error;
+}
+
+class QStringList;
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous exporters
+
+     To use a ExportJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the export with a call
+     to start(). This call might fail, in which case the ExportJob
+     instance will have scheduled it's own destruction with a call to
+     QObject::deleteLater().
+
+     After result() is emitted, the ExportJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class ExportJob : public Job {
+    Q_OBJECT
+  protected:
+    ExportJob( QObject * parent, const char * name );
+  public:
+    ~ExportJob();
+
+    /**
+       Starts the export operation. \a patterns is a list of patterns
+       used to restrict the list of keys exported. Empty patterns are
+       ignored. If \a patterns is empty or contains only empty
+       strings, all available keys are exported.
+    */
+    virtual GpgME::Error start( const QStringList & patterns ) = 0;
+
+  signals:
+    void result( const GpgME::Error & result, const QByteArray & keyData );
+  };
+
+}
+
+#endif // __KLEO_EXPORTJOB_H__
diff --git a/certmanager/lib/kleo/hierarchicalkeylistjob.cpp b/certmanager/lib/kleo/hierarchicalkeylistjob.cpp
new file mode 100644
index 000000000..a7a66b2fe
--- /dev/null
+++ b/certmanager/lib/kleo/hierarchicalkeylistjob.cpp
@@ -0,0 +1,158 @@
+/*
+    hierarchicalkeylistjob.cpp
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "hierarchicalkeylistjob.h"
+#include "cryptobackend.h"
+#include "keylistjob.h"
+
+#include <klocale.h>
+
+#include <qstringlist.h>
+#include <qtl.h>
+
+#include <gpgmepp/key.h>
+#include <gpgmepp/context.h>
+#include <gpgmepp/data.h>
+
+#include <gpg-error.h>
+
+#include <iterator>
+#include <algorithm>
+
+#include <assert.h>
+
+Kleo::HierarchicalKeyListJob::HierarchicalKeyListJob( const CryptoBackend::Protocol * protocol,
+						      bool remote, bool includeSigs, bool validating )
+  : KeyListJob( 0, "Kleo::HierarchicalKeyListJob" ),
+    mProtocol( protocol ),
+    mRemote( remote ),
+    mIncludeSigs( includeSigs ),
+    mValidating( validating ),
+    mTruncated( false ),
+    mIntermediateResult(),
+    mJob( 0 )
+{
+  assert( protocol );
+}
+
+Kleo::HierarchicalKeyListJob::~HierarchicalKeyListJob() {
+
+}
+
+GpgME::Error Kleo::HierarchicalKeyListJob::start( const QStringList & patterns, bool secretOnly ) {
+  if ( secretOnly || patterns.empty() )
+    return gpg_err_make( GPG_ERR_SOURCE_GPGME, GPG_ERR_UNSUPPORTED_OPERATION );
+  qCopy( patterns.begin(), patterns.end(),
+	 std::inserter( mNextSet, mNextSet.begin() ) );
+  const GpgME::Error err = startAJob();
+  if ( err )
+    deleteLater();
+  return err;
+}
+
+GpgME::KeyListResult Kleo::HierarchicalKeyListJob::exec( const QStringList &, bool,
+							 std::vector<GpgME::Key> & keys ) {
+  keys.clear();
+  return GpgME::KeyListResult( gpg_err_make( GPG_ERR_SOURCE_GPGME, GPG_ERR_UNSUPPORTED_OPERATION ) );
+}
+
+void Kleo::HierarchicalKeyListJob::slotNextKey( const GpgME::Key & key ) {
+  if ( const char * chain_id = key.chainID() )
+    mNextSet.insert( chain_id );
+  if ( const char * fpr = key.primaryFingerprint() )
+    if ( mSentSet.find( fpr ) == mSentSet.end() ) {
+      mSentSet.insert( fpr );
+      emit nextKey( key );
+    }
+}
+
+void Kleo::HierarchicalKeyListJob::slotCancel() {
+  if ( mJob ) mJob->slotCancel();
+  mNextSet.clear();
+}
+
+void Kleo::HierarchicalKeyListJob::slotResult( const GpgME::KeyListResult & res ) {
+  mJob = 0;
+  mIntermediateResult.mergeWith( res );
+  std::set<QString> tmp;
+  std::set_difference( mNextSet.begin(), mNextSet.end(),
+		       mScheduledSet.begin(), mScheduledSet.end(),
+		       std::inserter( tmp, tmp.begin() ) );
+  mNextSet.clear();
+  std::set_difference( tmp.begin(), tmp.end(),
+		       mSentSet.begin(), mSentSet.end(),
+		       std::inserter( mNextSet, mNextSet.begin() ) );
+  if ( mIntermediateResult.error() || mNextSet.empty() ) {
+    emit done();
+    emit result( mIntermediateResult );
+    deleteLater();
+    return;
+  }
+  if ( const GpgME::Error error = startAJob() ) { // error starting the job for next keys
+    mIntermediateResult.mergeWith( GpgME::KeyListResult( error ) );
+    emit done();
+    emit result( mIntermediateResult );
+    deleteLater();
+    return;
+  }
+#if 0 // FIXME
+  const int current = mIt - mKeys.begin();
+  const int total = mKeys.size();
+  emit progress( i18n("progress info: \"%1 of %2\"","%1/%2").arg( current ).arg( total ), current, total );
+#endif
+}
+
+GpgME::Error Kleo::HierarchicalKeyListJob::startAJob() {
+  if ( mNextSet.empty() )
+    return 0;
+  mJob = mProtocol->keyListJob( mRemote, mIncludeSigs, mValidating );
+  assert( mJob ); // FIXME: we need a way to generate errors ourselves,
+		  // but I don't like the dependency on gpg-error :/
+
+  connect( mJob, SIGNAL(nextKey(const GpgME::Key&)), SLOT(slotNextKey(const GpgME::Key&)) );
+  connect( mJob, SIGNAL(result(const GpgME::KeyListResult&)), SLOT(slotResult(const GpgME::KeyListResult&)) );
+
+  QStringList patterns;
+  for ( std::set<QString>::const_iterator it = mNextSet.begin() ; it != mNextSet.end() ; ++it )
+    patterns.push_back( *it );
+
+  mScheduledSet.insert( mNextSet.begin(), mNextSet.end() );
+  mNextSet.clear();
+
+  return mJob->start( patterns, false );
+}
+
+#include "hierarchicalkeylistjob.moc"
diff --git a/certmanager/lib/kleo/hierarchicalkeylistjob.h b/certmanager/lib/kleo/hierarchicalkeylistjob.h
new file mode 100644
index 000000000..a91ff6dc0
--- /dev/null
+++ b/certmanager/lib/kleo/hierarchicalkeylistjob.h
@@ -0,0 +1,116 @@
+/*
+    hierarchicalkeylistjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_HIERARCHICALKEYLISTJOB_H__
+#define __KLEO_HIERARCHICALKEYLISTJOB_H__
+
+#include <kleo/keylistjob.h>
+#include <kleo/cryptobackend.h>
+#include <kdepimmacros.h>
+
+#include <gpgmepp/keylistresult.h>
+
+#include <qcstring.h>
+#include <qguardedptr.h>
+
+#include <set>
+
+namespace GpgME {
+  class Error;
+  class Key;
+}
+
+namespace Kleo {
+  class KeyListJob;
+}
+
+namespace Kleo {
+
+  /**
+     @short A convenience job that additionally fetches all available issuers.
+
+     To use a HierarchicalKeyListJob, pass it a CryptoBackend
+     implementation, connect the progress() and result() signals to
+     suitable slots and then start the keylisting with a call to
+     start(). This call might fail, in which case the
+     HierarchicalKeyListJob instance will have scheduled it's own
+     destruction with a call to QObject::deleteLater().
+
+     After result() is emitted, the HierarchicalKeyListJob will
+     schedule its own destruction by calling QObject::deleteLater().
+  */
+  class KDE_EXPORT HierarchicalKeyListJob : public KeyListJob {
+    Q_OBJECT
+  public:
+    HierarchicalKeyListJob( const CryptoBackend::Protocol * protocol,
+			    bool remote=false, bool includeSigs=false, bool validating=false );
+    ~HierarchicalKeyListJob();
+
+    /**
+       Starts the keylist operation. \a patterns is a list of patterns
+       used to restrict the list of keys returned. Empty patterns are
+       ignored. \a patterns must not be empty or contain only empty
+       patterns; use the normal KeyListJob for a full listing.
+
+       The \a secretOnly parameter is ignored by
+       HierarchicalKeyListJob and must be set to false.
+    */
+    GpgME::Error start( const QStringList & patterns, bool secretOnly=false );
+
+    GpgME::KeyListResult exec( const QStringList & patterns, bool secretOnly,
+			       std::vector<GpgME::Key> & keys );
+
+  private slots:
+    void slotResult( const GpgME::KeyListResult & );
+    void slotNextKey( const GpgME::Key & key );
+    /*! \reimp from Job */
+    void slotCancel();
+
+  private:
+    GpgME::Error startAJob();
+
+  private:
+    const CryptoBackend::Protocol * const mProtocol;
+    const bool mRemote;
+    const bool mIncludeSigs;
+    const bool mValidating;
+    bool mTruncated;
+    std::set<QString> mSentSet; // keys already sent (prevent duplicates even if the backend should return them)
+    std::set<QString> mScheduledSet; // keys already scheduled (by starting a job for them)
+    std::set<QString> mNextSet; // keys to schedule for the next iteraton
+    GpgME::KeyListResult mIntermediateResult;
+    QGuardedPtr<KeyListJob> mJob;
+  };
+
+}
+
+#endif // __KLEO_HIERARCHICALKEYLISTJOB_H__
diff --git a/certmanager/lib/kleo/importjob.h b/certmanager/lib/kleo/importjob.h
new file mode 100644
index 000000000..10aa90383
--- /dev/null
+++ b/certmanager/lib/kleo/importjob.h
@@ -0,0 +1,83 @@
+/*
+    importjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_IMPORTJOB_H__
+#define __KLEO_IMPORTJOB_H__
+
+#include "job.h"
+
+#include <qcstring.h>
+
+namespace GpgME {
+  class Error;
+  class Key;
+  class ImportResult;
+}
+
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous importers
+
+     To use a ImportJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the import with a call
+     to start(). This call might fail, in which case the ImportJob
+     instance will have scheduled it's own destruction with a call to
+     QObject::deleteLater().
+
+     After result() is emitted, the ImportJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class ImportJob : public Job {
+    Q_OBJECT
+  protected:
+    ImportJob( QObject * parent, const char * name );
+  public:
+    ~ImportJob();
+
+    /**
+       Starts the importing operation. \a keyData contains the data to
+       import from.
+    */
+    virtual GpgME::Error start( const QByteArray & keyData ) = 0;
+
+    virtual GpgME::ImportResult exec( const QByteArray & keyData ) = 0;
+
+  signals:
+    void result( const GpgME::ImportResult & result );
+  };
+
+}
+
+#endif // __KLEO_IMPORTJOB_H__
diff --git a/certmanager/lib/kleo/job.cpp b/certmanager/lib/kleo/job.cpp
new file mode 100644
index 000000000..77881d737
--- /dev/null
+++ b/certmanager/lib/kleo/job.cpp
@@ -0,0 +1,116 @@
+/*
+    job.cpp
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004,2005 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "job.h"
+
+#include "keylistjob.h"
+#include "encryptjob.h"
+#include "decryptjob.h"
+#include "decryptverifyjob.h"
+#include "signjob.h"
+#include "signencryptjob.h"
+#include "verifydetachedjob.h"
+#include "verifyopaquejob.h"
+#include "keygenerationjob.h"
+#include "importjob.h"
+#include "exportjob.h"
+#include "downloadjob.h"
+#include "deletejob.h"
+#include "refreshkeysjob.h"
+#include "specialjob.h"
+
+#include <qapplication.h>
+#include <kdebug.h>
+
+Kleo::Job::Job( QObject * parent, const char * name )
+  : QObject( parent, name )
+{
+  if ( qApp )
+    connect( qApp, SIGNAL(aboutToQuit()), SLOT(slotCancel()) );
+}
+
+Kleo::Job::~Job() {
+
+}
+
+void Kleo::Job::showErrorDialog( QWidget *, const QString & ) const {
+  kdDebug() << "Kleo::Job::showErrorDialog() should be reimplemented in Kleo::Job subclasses!" << endl;
+}
+
+QString Kleo::Job::auditLogAsHtml() const {
+    kdDebug() << "Kleo::Job::auditLogAsHtml() should be reimplemented in Kleo::Job subclasses!" << endl;
+    return QString();
+}
+
+#define make_job_subclass(x) \
+  Kleo::x::x( QObject * parent, const char * name ) : Job( parent, name ) {} \
+  Kleo::x::~x() {}
+
+make_job_subclass(KeyListJob)
+make_job_subclass(EncryptJob)
+make_job_subclass(DecryptJob)
+make_job_subclass(DecryptVerifyJob)
+make_job_subclass(SignJob)
+make_job_subclass(SignEncryptJob)
+make_job_subclass(VerifyDetachedJob)
+make_job_subclass(VerifyOpaqueJob)
+make_job_subclass(KeyGenerationJob)
+make_job_subclass(ImportJob)
+make_job_subclass(ExportJob)
+make_job_subclass(DownloadJob)
+make_job_subclass(DeleteJob)
+make_job_subclass(RefreshKeysJob)
+make_job_subclass(SpecialJob)
+
+#undef make_job_subclass
+
+#include "job.moc"
+
+#include "keylistjob.moc"
+#include "encryptjob.moc"
+#include "decryptjob.moc"
+#include "decryptverifyjob.moc"
+#include "signjob.moc"
+#include "signencryptjob.moc"
+#include "verifydetachedjob.moc"
+#include "verifyopaquejob.moc"
+#include "keygenerationjob.moc"
+#include "importjob.moc"
+#include "exportjob.moc"
+#include "downloadjob.moc"
+#include "deletejob.moc"
+#include "refreshkeysjob.moc"
+#include "specialjob.moc"
diff --git a/certmanager/lib/kleo/job.h b/certmanager/lib/kleo/job.h
new file mode 100644
index 000000000..ae65008b0
--- /dev/null
+++ b/certmanager/lib/kleo/job.h
@@ -0,0 +1,81 @@
+/*
+    job.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_JOB_H__
+#define __KLEO_JOB_H__
+
+#include <qobject.h>
+#include <qstring.h>
+
+class QWidget;
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous crypto operations
+
+     During the operation, you might receive progress updates through
+     the progress() signal as they arrive, but an implementation is
+     free to not send progress information. You should show a busy
+     progressbar until the first progress() signal is received.
+
+     The done() signal is emitted _before_ the result() signals of
+     subclasses and should be used to hide and/or reset progress bars,
+     not to learn of the end of the operation. Use the result()
+     signals for that.
+
+     To cancel the operation, simply call slotCancel(). The result()
+     signal of subclasses will still be emitted, though, and will
+     carry the information that the operation was canceled.
+  */
+  class Job : public QObject {
+    Q_OBJECT
+  protected:
+    Job( QObject * parent, const char * name );
+  public:
+    ~Job();
+
+    virtual void showErrorDialog( QWidget * parent=0, const QString & caption=QString::null ) const;
+
+    virtual QString auditLogAsHtml() const;
+
+  public slots:
+    virtual void slotCancel() = 0;
+
+  signals:
+    void progress( const QString & what, int current, int total );
+    void done();
+  };
+
+}
+
+#endif // __KLEO_JOB_H__
diff --git a/certmanager/lib/kleo/kconfigbasedkeyfilter.cpp b/certmanager/lib/kleo/kconfigbasedkeyfilter.cpp
new file mode 100644
index 000000000..89d18e799
--- /dev/null
+++ b/certmanager/lib/kleo/kconfigbasedkeyfilter.cpp
@@ -0,0 +1,251 @@
+/*
+    kconfigbasedkeyfilter.cpp
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "kconfigbasedkeyfilter.h"
+
+#include <kconfigbase.h>
+#include <klocale.h>
+
+static const struct {
+  const char * name;
+  GpgME::Key::OwnerTrust trust;
+  GpgME::UserID::Validity validity;
+} ownerTrustAndValidityMap[] = {
+  { "unknown",   GpgME::Key::Unknown,   GpgME::UserID::Unknown   },
+  { "undefined", GpgME::Key::Undefined, GpgME::UserID::Undefined },
+  { "never",     GpgME::Key::Never,     GpgME::UserID::Never     },
+  { "marginal",  GpgME::Key::Marginal,  GpgME::UserID::Marginal  },
+  { "full",      GpgME::Key::Full,      GpgME::UserID::Full      },
+  { "ultimate",  GpgME::Key::Ultimate,  GpgME::UserID::Ultimate  },
+};
+
+static GpgME::Key::OwnerTrust map2OwnerTrust( const QString & s ) {
+  for ( unsigned int i = 0 ; i < sizeof ownerTrustAndValidityMap / sizeof *ownerTrustAndValidityMap ; ++i )
+    if ( s.lower() == ownerTrustAndValidityMap[i].name )
+      return ownerTrustAndValidityMap[i].trust;
+  return ownerTrustAndValidityMap[0].trust;
+}
+
+static GpgME::UserID::Validity map2Validity( const QString & s ) {
+  for ( unsigned int i = 0 ; i < sizeof ownerTrustAndValidityMap / sizeof *ownerTrustAndValidityMap ; ++i )
+    if ( s.lower() == ownerTrustAndValidityMap[i].name )
+      return ownerTrustAndValidityMap[i].validity;
+  return ownerTrustAndValidityMap[0].validity;
+}
+
+
+Kleo::KConfigBasedKeyFilter::KConfigBasedKeyFilter( const KConfigBase & config )
+  : KeyFilter(),
+    mSpecificity( 0 ),
+    mItalic( false ),
+    mBold( false ),
+    mStrikeOut( false ),
+    mUseFullFont( false ),
+    mRevoked( DoesNotMatter ),
+    mExpired( DoesNotMatter ),
+    mDisabled( DoesNotMatter ),
+    mRoot( DoesNotMatter ),
+    mCanEncrypt( DoesNotMatter ),
+    mCanSign( DoesNotMatter ),
+    mCanCertify( DoesNotMatter ),
+    mCanAuthenticate( DoesNotMatter ),
+    mHasSecret( DoesNotMatter ),
+    mIsOpenPGP( DoesNotMatter ),
+    mWasValidated( DoesNotMatter ),
+    mOwnerTrust( LevelDoesNotMatter ),
+    mOwnerTrustReferenceLevel( GpgME::Key::Unknown ),
+    mValidity( LevelDoesNotMatter ),
+    mValidityReferenceLevel( GpgME::UserID::Unknown )
+{
+  mFgColor = config.readColorEntry( "foreground-color" );
+  mBgColor = config.readColorEntry( "background-color" );
+  mName = config.readEntry( "name", i18n("<unnamed>") );
+  mIcon = config.readEntry( "icon" );
+  if ( config.hasKey( "font" ) ) {
+    mUseFullFont = true;
+    mFont = config.readFontEntry( "font" );
+  } else {
+    mItalic = config.readBoolEntry( "font-italic", false );
+    mBold = config.readBoolEntry( "font-bold", false );
+  }
+  mStrikeOut = config.readBoolEntry( "font-strikeout", false );
+#ifdef SET
+#undef SET
+#endif
+#define SET(member,key) \
+  if ( config.hasKey( key ) ) { \
+    member = config.readBoolEntry( key ) ? Set : NotSet ; \
+    ++mSpecificity; \
+  }
+  SET( mRevoked, "is-revoked" );
+  SET( mExpired, "is-expired" );
+  SET( mDisabled, "is-disabled" );
+  SET( mRoot, "is-root-certificate" );
+  SET( mCanEncrypt, "can-encrypt" );
+  SET( mCanSign, "can-sign" );
+  SET( mCanCertify, "can-certify" );
+  SET( mCanAuthenticate, "can-authenticate" );
+  SET( mHasSecret, "has-secret-key" );
+  SET( mIsOpenPGP, "is-openpgp-key" );
+  SET( mWasValidated, "was-validated" );
+#undef SET
+  static const struct {
+    const char * prefix;
+    LevelState state;
+  } prefixMap[] = {
+    { "is-", Is },
+    { "is-not-", IsNot },
+    { "is-at-least-", IsAtLeast },
+    { "is-at-most-", IsAtMost },
+  };
+  for ( unsigned int i = 0 ; i < sizeof prefixMap / sizeof *prefixMap ; ++i ) {
+    const QString key = QString( prefixMap[i].prefix ) + "ownertrust";
+    if ( config.hasKey( key ) ) {
+      mOwnerTrust = prefixMap[i].state;
+      mOwnerTrustReferenceLevel = map2OwnerTrust( config.readEntry( key ) );
+      ++mSpecificity;
+      break;
+    }
+  }
+  for ( unsigned int i = 0 ; i < sizeof prefixMap / sizeof *prefixMap ; ++i ) {
+    const QString key = QString( prefixMap[i].prefix ) + "validity";
+    if ( config.hasKey( key ) ) {
+      mValidity = prefixMap[i].state;
+      mValidityReferenceLevel = map2Validity( config.readEntry( key ) );
+      ++mSpecificity;
+      break;
+    }
+  }
+}
+
+Kleo::KConfigBasedKeyFilter::~KConfigBasedKeyFilter() {
+
+}
+
+bool Kleo::KConfigBasedKeyFilter::matches( const GpgME::Key & key ) const {
+#ifdef MATCH
+#undef MATCH
+#endif
+#define MATCH(member,method) \
+  if ( member != DoesNotMatter && key.method() != bool( member == Set ) ) \
+    return false
+#define IS_MATCH(what) MATCH( m##what, is##what )
+#define CAN_MATCH(what) MATCH( mCan##what, can##what )
+  IS_MATCH( Revoked );
+  IS_MATCH( Expired );
+  IS_MATCH( Disabled );
+  IS_MATCH( Root );
+  CAN_MATCH( Encrypt );
+  CAN_MATCH( Sign );
+  CAN_MATCH( Certify );
+  CAN_MATCH( Authenticate );
+  MATCH( mHasSecret, isSecret );
+#undef MATCH
+  if ( mIsOpenPGP != DoesNotMatter &&
+       bool( key.protocol() == GpgME::Context::OpenPGP ) != bool( mIsOpenPGP == Set ) )
+    return false;
+  if ( mWasValidated != DoesNotMatter &&
+       bool( key.keyListMode() & GpgME::Context::Validate ) != bool( mWasValidated == Set ) )
+    return false;
+  switch ( mOwnerTrust ) {
+  default:
+  case LevelDoesNotMatter:
+    break;
+  case Is:
+    if ( key.ownerTrust() != mOwnerTrustReferenceLevel )
+      return false;
+    break;
+  case IsNot:
+    if ( key.ownerTrust() == mOwnerTrustReferenceLevel )
+      return false;
+    break;
+  case IsAtLeast:
+    if ( (int)key.ownerTrust() < (int)mOwnerTrustReferenceLevel )
+      return false;
+    break;
+  case IsAtMost:
+    if ( (int)key.ownerTrust() > (int)mOwnerTrustReferenceLevel )
+      return false;
+    break;
+  }
+  const GpgME::UserID uid = key.userID(0);
+  switch ( mValidity ) {
+  default:
+  case LevelDoesNotMatter:
+    break;
+  case Is:
+    if ( uid.validity() != mValidityReferenceLevel )
+      return false;
+    break;
+  case IsNot:
+    if ( uid.validity() == mValidityReferenceLevel )
+      return false;
+    break;
+  case IsAtLeast:
+    if ( (int)uid.validity() < (int)mValidityReferenceLevel )
+      return false;
+    break;
+  case IsAtMost:
+    if ( (int)uid.validity() > (int)mValidityReferenceLevel )
+      return false;
+    break;
+  }
+  return true;
+}
+
+static inline QFont resizedFont( QFont font, int pointSize, bool strike ) {
+  font.setPointSize( pointSize );
+  if ( strike )
+    font.setStrikeOut( true );
+  return font;
+}
+
+static inline QFont adapt( QFont font, bool it, bool b, bool strike ) {
+  if ( it )
+    font.setItalic( true );
+  if ( b )
+    font.setBold( true );
+  if ( strike )
+    font.setStrikeOut( true );
+  return font;
+}
+
+QFont Kleo::KConfigBasedKeyFilter::font( const QFont & f ) const {
+  if ( mUseFullFont )
+    return resizedFont( mFont, f.pointSize(), mStrikeOut );
+  else
+    return adapt( f, mItalic, mBold, mStrikeOut );
+}
diff --git a/certmanager/lib/kleo/kconfigbasedkeyfilter.h b/certmanager/lib/kleo/kconfigbasedkeyfilter.h
new file mode 100644
index 000000000..42c083080
--- /dev/null
+++ b/certmanager/lib/kleo/kconfigbasedkeyfilter.h
@@ -0,0 +1,104 @@
+/*
+    kconfigbasedkeyfilter.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_KCONFIGBASEDKEYFILTER_H__
+#define __KLEO_KCONFIGBASEDKEYFILTER_H__
+
+#include "keyfilter.h"
+
+#include <qfont.h>
+#include <qstring.h>
+#include <qcolor.h>
+
+#include <gpgmepp/key.h>
+
+class KConfigBase;
+
+namespace Kleo {
+
+  class KConfigBasedKeyFilter : public KeyFilter {
+  public:
+    explicit KConfigBasedKeyFilter( const KConfigBase & config );
+    ~KConfigBasedKeyFilter();
+    bool matches( const GpgME::Key & key ) const;
+
+    unsigned int specificity() const { return mSpecificity; }
+
+    QColor fgColor() const { return mFgColor; }
+    QColor bgColor() const { return mBgColor; }
+    QFont  font( const QFont & ) const;
+    QString name() const { return mName; }
+    QString icon() const { return mIcon; }
+
+  private:
+    QColor mFgColor, mBgColor;
+    QString mName;
+    QString mIcon;
+    unsigned int mSpecificity;
+    bool mItalic;
+    bool mBold;
+    bool mStrikeOut;
+    bool mUseFullFont;
+    QFont mFont;
+
+    enum TriState {
+      DoesNotMatter = 0,
+      Set = 1,
+      NotSet = 2
+    };
+    TriState mRevoked;
+    TriState mExpired;
+    TriState mDisabled;
+    TriState mRoot;
+    TriState mCanEncrypt;
+    TriState mCanSign;
+    TriState mCanCertify;
+    TriState mCanAuthenticate;
+    TriState mHasSecret;
+    TriState mIsOpenPGP;
+    TriState mWasValidated;
+    enum LevelState {
+      LevelDoesNotMatter = 0,
+      Is = 1,
+      IsNot = 2,
+      IsAtLeast = 3,
+      IsAtMost = 4
+    };
+    LevelState mOwnerTrust;
+    GpgME::Key::OwnerTrust mOwnerTrustReferenceLevel;
+    LevelState mValidity;
+    GpgME::UserID::Validity mValidityReferenceLevel;
+  };
+
+}
+
+#endif // __KLEO_KCONFIGBASEDKEYFILTER_H__
diff --git a/certmanager/lib/kleo/keyfilter.h b/certmanager/lib/kleo/keyfilter.h
new file mode 100644
index 000000000..f10fba9bf
--- /dev/null
+++ b/certmanager/lib/kleo/keyfilter.h
@@ -0,0 +1,68 @@
+/*
+    keyfilter.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_KEYFILTER_H__
+#define __KLEO_KEYFILTER_H__
+
+namespace GpgME {
+  class Key;
+}
+
+class QFont;
+class QColor;
+class QString;
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class key filters
+
+  */
+  class KeyFilter {
+  public:
+    virtual ~KeyFilter() {}
+    virtual bool matches( const GpgME::Key & key ) const = 0;
+
+    virtual unsigned int specificity() const = 0;
+
+    // not sure if we want these here, but for the time being, it's
+    // the easiest way:
+    virtual QColor fgColor() const = 0;
+    virtual QColor bgColor() const = 0;
+    virtual QFont  font( const QFont & ) const = 0;
+    virtual QString name() const = 0;
+    virtual QString icon() const = 0;
+  };
+
+}
+
+#endif // __KLEO_KEYFILTER_H__
diff --git a/certmanager/lib/kleo/keyfiltermanager.cpp b/certmanager/lib/kleo/keyfiltermanager.cpp
new file mode 100644
index 000000000..14932801c
--- /dev/null
+++ b/certmanager/lib/kleo/keyfiltermanager.cpp
@@ -0,0 +1,118 @@
+/*
+    keyfiltermanager.cpp
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "keyfiltermanager.h"
+#include "kconfigbasedkeyfilter.h"
+
+#include "cryptobackendfactory.h"
+
+#include <kconfig.h>
+
+#include <qapplication.h>
+#include <qregexp.h>
+#include <qstringlist.h>
+#include <qvaluevector.h>
+
+#include <algorithm>
+
+namespace {
+  template <typename T>
+  struct Delete {
+    void operator()( T * item ) { delete item; }
+  };
+}
+
+struct Kleo::KeyFilterManager::Private {
+  void clear() {
+    std::for_each( filters.begin(), filters.end(), Delete<KeyFilter>() );
+    filters.clear();
+  }
+
+  QValueVector<KeyFilter*> filters;
+};
+
+Kleo::KeyFilterManager * Kleo::KeyFilterManager::mSelf = 0;
+
+Kleo::KeyFilterManager::KeyFilterManager( QObject * parent, const char * name )
+  : QObject( parent, name ), d( 0 )
+{
+  mSelf = this;
+  d = new Private();
+  // ### DF: doesn't a KStaticDeleter work more reliably?
+  if ( qApp )
+    connect( qApp, SIGNAL(aboutToQuit()), SLOT(deleteLater()) );
+  reload();
+}
+
+Kleo::KeyFilterManager::~KeyFilterManager() {
+  mSelf = 0;
+  if ( d )
+    d->clear();
+  delete d; d = 0;
+}
+
+Kleo::KeyFilterManager * Kleo::KeyFilterManager::instance() {
+  if ( !mSelf )
+    mSelf = new Kleo::KeyFilterManager();
+  return mSelf;
+}
+
+const Kleo::KeyFilter * Kleo::KeyFilterManager::filterMatching( const GpgME::Key & key ) const {
+  for ( QValueVector<KeyFilter*>::const_iterator it = d->filters.begin() ; it != d->filters.end() ; ++it )
+    if ( (*it)->matches( key ) )
+      return *it;
+  return 0;
+}
+
+static inline bool by_increasing_specificity( const Kleo::KeyFilter * left, const Kleo::KeyFilter * right ) {
+  return left->specificity() > right->specificity();
+}
+
+void Kleo::KeyFilterManager::reload() {
+  d->clear();
+
+  KConfig * config = Kleo::CryptoBackendFactory::instance()->configObject();
+  if ( !config )
+    return;
+  const QStringList groups = config->groupList().grep( QRegExp( "^Key Filter #\\d+$" ) );
+  for ( QStringList::const_iterator it = groups.begin() ; it != groups.end() ; ++it ) {
+    const KConfigGroup cfg( config, *it );
+    d->filters.push_back( new KConfigBasedKeyFilter( cfg ) );
+  }
+  std::stable_sort( d->filters.begin(), d->filters.end(), by_increasing_specificity );
+}
+
+#include "keyfiltermanager.moc"
diff --git a/certmanager/lib/kleo/keyfiltermanager.h b/certmanager/lib/kleo/keyfiltermanager.h
new file mode 100644
index 000000000..25353d71a
--- /dev/null
+++ b/certmanager/lib/kleo/keyfiltermanager.h
@@ -0,0 +1,69 @@
+/*
+    keyfiltermanager.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_KEYFILTERMANAGER_H__
+#define __KLEO_KEYFILTERMANAGER_H__
+
+#include <qobject.h>
+#include <kdepimmacros.h>
+namespace GpgME {
+  class Key;
+}
+
+namespace Kleo {
+  class KeyFilter;
+}
+
+namespace Kleo {
+
+  class KDE_EXPORT KeyFilterManager : public QObject {
+    Q_OBJECT
+  protected:
+    KeyFilterManager( QObject * parent=0, const char * name=0 );
+    ~KeyFilterManager();
+
+  public:
+    static KeyFilterManager * instance();
+
+    const KeyFilter * filterMatching( const GpgME::Key & key ) const;
+
+    void reload();
+
+  private:
+    class Private;
+    Private * d;
+    static KeyFilterManager * mSelf;
+  };
+
+}
+
+#endif // __KLEO_KEYFILTERMANAGER_H__
diff --git a/certmanager/lib/kleo/keygenerationjob.h b/certmanager/lib/kleo/keygenerationjob.h
new file mode 100644
index 000000000..f78152c5c
--- /dev/null
+++ b/certmanager/lib/kleo/keygenerationjob.h
@@ -0,0 +1,81 @@
+/*
+    keygenerationjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_KEYGENERATIONJOB_H__
+#define __KLEO_KEYGENERATIONJOB_H__
+
+#include "job.h"
+
+#include <qcstring.h>
+
+namespace GpgME {
+  class Error;
+  class KeyGenerationResult;
+}
+
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous key generation
+
+     To use a KeyGenerationJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the key generation with
+     a call to start(). This call might fail, in which case the
+     KeyGenerationJob instance will have scheduled it's own
+     destruction with a call to QObject::deleteLater().
+
+     After result() is emitted, the KeyGenerationJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class KeyGenerationJob : public Job {
+    Q_OBJECT
+  protected:
+    KeyGenerationJob( QObject * parent, const char * name );
+  public:
+    ~KeyGenerationJob();
+
+    /**
+       Starts the key generation operation. \a parameters is a
+       backend-specific string containing the paramaters of the key to
+       create (length, capabilities, etc).
+    */
+    virtual GpgME::Error start( const QString & parameters ) = 0;
+
+  signals:
+    void result( const GpgME::KeyGenerationResult & result, const QByteArray & pubKeyData );
+  };
+
+}
+
+#endif // __KLEO_KEYGENERATIONJOB_H__
diff --git a/certmanager/lib/kleo/keylistjob.h b/certmanager/lib/kleo/keylistjob.h
new file mode 100644
index 000000000..c419ad47d
--- /dev/null
+++ b/certmanager/lib/kleo/keylistjob.h
@@ -0,0 +1,96 @@
+/*
+    keylistjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_KEYLISTJOB_H__
+#define __KLEO_KEYLISTJOB_H__
+
+#include "job.h"
+
+#include <vector>
+
+namespace GpgME {
+  class Error;
+  class Key;
+  class KeyListResult;
+}
+
+class QStringList;
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous key listers
+
+     To use a KeyListJob, first obtain an instance from the
+     CryptoBackend implementation, connect the nextKey(), progress()
+     and result() signals to suitable slots and then start the key
+     listing with a call to start(). This call might fail, in which
+     case the KeylistJob instance will have schedules it's own
+     destruction with a call to QObject::deleteLater().
+
+     During keylisting, you will receive new key objects through the
+     nextKey() signal as they arrive. After result() is emitted, the
+     KeyListJob will schedule it's own destruction by calling
+     QObject::deleteLater().
+  */
+  class KeyListJob : public Job {
+    Q_OBJECT
+  protected:
+    KeyListJob( QObject * parent, const char * name );
+
+  public:
+   ~KeyListJob();
+
+     /**
+       Starts the keylist operation. \a pattern is a list of patterns
+       used to restrict the list of keys returned. Empty patterns are
+       ignored. If \a pattern is empty or contains only empty strings,
+       all keys are returned (however, the backend is free to truncate
+       the result and should do so; when this happens, it will be
+       reported by the reult object).
+
+       If \a secretOnly is true, only keys for which the secret key is
+       also available are returned. Use this if you need to select a
+       key for signing.
+    */
+    virtual GpgME::Error start( const QStringList & patterns, bool secretOnly=false ) = 0;
+
+    virtual GpgME::KeyListResult exec( const QStringList & patterns, bool secretOnly, std::vector<GpgME::Key> & keys ) = 0;
+
+  signals:
+    void nextKey( const GpgME::Key & key );
+    void result( const GpgME::KeyListResult & result );
+  };
+
+}
+
+#endif // __KLEO_KEYLISTJOB_H__
diff --git a/certmanager/lib/kleo/multideletejob.cpp b/certmanager/lib/kleo/multideletejob.cpp
new file mode 100644
index 000000000..32596e78f
--- /dev/null
+++ b/certmanager/lib/kleo/multideletejob.cpp
@@ -0,0 +1,110 @@
+/*
+    multideletejob.cpp
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "multideletejob.h"
+#include "cryptobackend.h"
+#include "deletejob.h"
+
+#include <klocale.h>
+
+#include <gpgmepp/key.h>
+#include <gpgmepp/context.h>
+#include <gpgmepp/data.h>
+
+#include <iterator>
+
+#include <assert.h>
+
+Kleo::MultiDeleteJob::MultiDeleteJob( const CryptoBackend::Protocol * protocol )
+  : Job( 0, "Kleo::MultiDeleteJob" ),
+    mProtocol( protocol ),
+    mJob( 0 )
+{
+  assert( protocol );
+}
+
+Kleo::MultiDeleteJob::~MultiDeleteJob() {
+
+}
+
+GpgME::Error Kleo::MultiDeleteJob::start( const std::vector<GpgME::Key> & keys, bool allowSecretKeyDeletion ) {
+  mKeys = keys;
+  mAllowSecretKeyDeletion = allowSecretKeyDeletion;
+  mIt = mKeys.begin();
+
+  const GpgME::Error err = startAJob();
+
+  if ( err )
+    deleteLater();
+  return err;
+}
+
+void Kleo::MultiDeleteJob::slotCancel() {
+  if ( mJob ) mJob->slotCancel();
+  mIt = mKeys.end();
+}
+
+void Kleo::MultiDeleteJob::slotResult( const GpgME::Error & err ) {
+  mJob = 0;
+  GpgME::Error error = err;
+  if ( error || // error in last op
+       mIt == mKeys.end() || // (shouldn't happen)
+       ++mIt == mKeys.end() || // was the last key
+       (error = startAJob()) ) { // error starting the job for the new key
+    emit done();
+    emit result( error, error && mIt != mKeys.end() ? *mIt : GpgME::Key::null );
+    deleteLater();
+    return;
+  }
+
+  const int current = mIt - mKeys.begin();
+  const int total = mKeys.size();
+  emit progress( i18n("progress info: \"%1 of %2\"","%1/%2").arg( current ).arg( total ), current, total );
+}
+
+GpgME::Error Kleo::MultiDeleteJob::startAJob() {
+  if ( mIt == mKeys.end() )
+    return 0;
+  mJob = mProtocol->deleteJob();
+  assert( mJob ); // FIXME: we need a way to generate errors ourselves,
+		  // but I don't like the dependency on gpg-error :/
+
+  connect( mJob, SIGNAL(result(const GpgME::Error&)), SLOT(slotResult(const GpgME::Error&)) );
+
+  return mJob->start( *mIt, mAllowSecretKeyDeletion );
+}
+
+#include "multideletejob.moc"
diff --git a/certmanager/lib/kleo/multideletejob.h b/certmanager/lib/kleo/multideletejob.h
new file mode 100644
index 000000000..5b995adaf
--- /dev/null
+++ b/certmanager/lib/kleo/multideletejob.h
@@ -0,0 +1,101 @@
+/*
+    multideletejob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_MULTIDELETEJOB_H__
+#define __KLEO_MULTIDELETEJOB_H__
+
+#include <kleo/job.h>
+#include <kleo/cryptobackend.h>
+
+#include <kdepimmacros.h>
+#include <qguardedptr.h>
+
+#include <vector>
+
+namespace GpgME {
+  class Error;
+  class Key;
+}
+
+namespace Kleo {
+  class DeleteJob;
+}
+
+namespace Kleo {
+
+  /**
+     @short A convenience class bundling together multiple DeleteJobs.
+
+     To use a MultiDeleteJob, pass it a CryptoBackend implementation,
+     connect the progress() and result() signals to suitable slots and
+     then start the delete with a call to start(). This call might
+     fail, in which case the MultiDeleteJob instance will have scheduled
+     it's own destruction with a call to QObject::deleteLater().
+
+     After result() is emitted, the MultiDeleteJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class KDE_EXPORT MultiDeleteJob : public Job {
+    Q_OBJECT
+  public:
+    MultiDeleteJob( const CryptoBackend::Protocol * protocol );
+    ~MultiDeleteJob();
+
+    /**
+       Starts the delete operation. \a keys is the list of keys to
+       delete, \a allowSecretKeyDeletion specifies if a key may also
+       be deleted if the secret key part is available, too.
+    */
+    GpgME::Error start( const std::vector<GpgME::Key> & keys, bool allowSecretKeyDeletion=false );
+
+  signals:
+    void result( const GpgME::Error & result, const GpgME::Key & errorKey );
+
+  private slots:
+    void slotResult( const GpgME::Error & );
+    /*! \reimp from Job */
+    void slotCancel();
+
+  private:
+    GpgME::Error startAJob();
+
+  private:
+    const CryptoBackend::Protocol * mProtocol;
+    QGuardedPtr<DeleteJob> mJob;
+    std::vector<GpgME::Key> mKeys;
+    std::vector<GpgME::Key>::const_iterator mIt;
+    bool mAllowSecretKeyDeletion;
+  };
+
+}
+
+#endif // __KLEO_MULTIDELETEJOB_H__
diff --git a/certmanager/lib/kleo/oidmap.h b/certmanager/lib/kleo/oidmap.h
new file mode 100644
index 000000000..596296332
--- /dev/null
+++ b/certmanager/lib/kleo/oidmap.h
@@ -0,0 +1,57 @@
+/*
+    oidmap.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_OIDMAP_H__
+#define __KLEO_OIDMAP_H__
+
+static struct {
+  const char * name;
+  const char * oid;
+} oidmap[] = {
+  // keep them ordered by oid:
+  { "SP", "ST" }, // hack to show the Sphinx-required/desired SP for
+		  // StateOrProvince, otherwise known as ST or even S
+  { "NameDistinguisher", "0.2.262.1.10.7.20" },
+  { "EMAIL", "1.2.840.113549.1.9.1" },
+  { "SN", "2.5.4.4" },
+  { "SerialNumber", "2.5.4.5" },
+  { "T", "2.5.4.12" },
+  { "D", "2.5.4.13" },
+  { "BC", "2.5.4.15" },
+  { "ADDR", "2.5.4.16" },
+  { "PC", "2.5.4.17" },
+  { "GN", "2.5.4.42" },
+  { "Pseudo", "2.5.4.65" },
+};
+static const unsigned int numOidMaps = sizeof oidmap / sizeof *oidmap;
+
+#endif // __KLEO_OIDMAP_H__
diff --git a/certmanager/lib/kleo/refreshkeysjob.h b/certmanager/lib/kleo/refreshkeysjob.h
new file mode 100644
index 000000000..dcf9cd516
--- /dev/null
+++ b/certmanager/lib/kleo/refreshkeysjob.h
@@ -0,0 +1,90 @@
+/*
+    refreshkeysjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_REFRESHKEYSJOB_H__
+#define __KLEO_REFRESHKEYSJOB_H__
+
+#include "job.h"
+
+#include <vector>
+
+namespace GpgME {
+  class Error;
+  class Key;
+}
+
+class QStringList;
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous key refreshers.
+
+     To use a RefreshKeysJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the key refresh with a
+     call to start(). This call might fail, in which case the
+     RefreshKeysJob instance will have scheduled its own destruction
+     with a call to QObject::deleteLater().
+
+     After result() is emitted, the KeyListJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class RefreshKeysJob : public Job {
+    Q_OBJECT
+  protected:
+    RefreshKeysJob( QObject * parent, const char * name );
+
+  public:
+   ~RefreshKeysJob();
+
+     /**
+       Starts the keylist operation. \a pattern is a list of patterns
+       used to restrict the list of keys returned. Empty patterns are
+       ignored. If \a pattern is empty or contains only empty strings,
+       all keys are returned (however, the backend is free to truncate
+       the result and should do so; when this happens, it will be
+       reported by the reult object).
+
+       If \a secretOnly is true, only keys for which the secret key is
+       also available are returned. Use this if you need to select a
+       key for signing.
+    */
+    virtual GpgME::Error start( const QStringList & patterns ) = 0;
+
+  signals:
+    void result( const GpgME::Error & error );
+  };
+
+}
+
+#endif // __KLEO_REFRESHKEYSJOB_H__
diff --git a/certmanager/lib/kleo/signencryptjob.h b/certmanager/lib/kleo/signencryptjob.h
new file mode 100644
index 000000000..42d3a179f
--- /dev/null
+++ b/certmanager/lib/kleo/signencryptjob.h
@@ -0,0 +1,103 @@
+/*
+    signencryptjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_SIGNENCRYPTJOB_H__
+#define __KLEO_SIGNENCRYPTJOB_H__
+
+#include <gpgmepp/context.h> // for Context::SignatureMode (or should
+			     // we roll our own enum here?)
+#include "job.h"
+#include <qcstring.h>
+
+#include <vector>
+#include <utility>
+
+namespace GpgME {
+  class Error;
+  class Key;
+  class SigningResult;
+  class EncryptionResult;
+}
+
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous combined signing and encrypting
+
+     To use a SignEncryptJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the operation with a
+     call to start(). This call might fail, in which case the
+     SignEncryptJob instance will have scheduled it's own destruction
+     with a call to QObject::deleteLater().
+
+     After result() is emitted, the SignEncryptJob will schedule it's
+     own destruction by calling QObject::deleteLater().
+  */
+  class SignEncryptJob : public Job {
+    Q_OBJECT
+  protected:
+    SignEncryptJob( QObject * parent, const char * name );
+  public:
+    ~SignEncryptJob();
+
+    /**
+       Starts the combined signing and encrypting operation. \a signers
+       is the list of keys to sign \a plainText with. \a recipients is
+       a list of keys to encrypt the signed \a plainText to. In both
+       lists, empty (null) keys are ignored.
+
+       If \a alwaysTrust is true, validity checking for the
+       \em recipient keys will not be performed, but full validity
+       assumed for all \em recipient keys without further checks.
+    */
+    virtual GpgME::Error start( const std::vector<GpgME::Key> & signers,
+				const std::vector<GpgME::Key> & recipients,
+				const QByteArray & plainText,
+				bool alwaysTrust=false ) = 0;
+
+    virtual std::pair<GpgME::SigningResult,GpgME::EncryptionResult>
+      exec( const std::vector<GpgME::Key> & signers,
+	    const std::vector<GpgME::Key> & recipients,
+	    const QByteArray & plainText,
+	    bool alwaysTrust, QByteArray & cipherText ) = 0;
+
+  signals:
+    void result( const GpgME::SigningResult & signingresult,
+		 const GpgME::EncryptionResult & encryptionresult,
+		 const QByteArray & cipherText );
+  };
+
+}
+
+#endif // __KLEO_SIGNENCRYPTJOB_H__
diff --git a/certmanager/lib/kleo/signjob.h b/certmanager/lib/kleo/signjob.h
new file mode 100644
index 000000000..17ea3d947
--- /dev/null
+++ b/certmanager/lib/kleo/signjob.h
@@ -0,0 +1,90 @@
+/*
+    signjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_SIGNJOB_H__
+#define __KLEO_SIGNJOB_H__
+
+#include <gpgmepp/context.h> // for Context::SignatureMode (or should
+			     // we roll our own enum here?)
+#include "job.h"
+#include <qcstring.h>
+
+#include <vector>
+
+namespace GpgME {
+  class Error;
+  class Key;
+  class SigningResult;
+}
+
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous signing
+
+     To use a SignJob, first obtain an instance from the CryptoBackend
+     implementation, connect the progress() and result() signals to
+     suitable slots and then start the signing with a call to
+     start(). This call might fail, in which case the SignJob instance
+     will have scheduled it's own destruction with a call to
+     QObject::deleteLater().
+
+     After result() is emitted, the SignJob will schedule it's own
+     destruction by calling QObject::deleteLater().
+  */
+  class SignJob : public Job {
+    Q_OBJECT
+  protected:
+    SignJob( QObject * parent, const char * name );
+  public:
+    ~SignJob();
+
+    /**
+       Starts the signing operation. \a signers is the list of keys to
+       sign \a plainText with. Empty (null) keys are ignored.
+    */
+    virtual GpgME::Error start( const std::vector<GpgME::Key> & signers,
+				const QByteArray & plainText,
+				GpgME::Context::SignatureMode mode ) = 0;
+    virtual GpgME::SigningResult exec( const std::vector<GpgME::Key> & signers,
+				       const QByteArray & plainText,
+				       GpgME::Context::SignatureMode mode,
+				       QByteArray & signature ) = 0;
+
+  signals:
+    void result( const GpgME::SigningResult & result, const QByteArray & signature );
+  };
+
+}
+
+#endif // __KLEO_SIGNJOB_H__
diff --git a/certmanager/lib/kleo/specialjob.h b/certmanager/lib/kleo/specialjob.h
new file mode 100644
index 000000000..e7280b0a5
--- /dev/null
+++ b/certmanager/lib/kleo/specialjob.h
@@ -0,0 +1,86 @@
+/*
+    specialjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_SPECIALJOB_H__
+#define __KLEO_SPECIALJOB_H__
+
+#include "job.h"
+
+namespace GpgME {
+  class Error;
+}
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for protocol-specific jobs
+
+     To use a SpecialJob, first obtain an instance from the
+     CryptoBackend implementation, connect progress() and result()
+     signals to suitable slots and then start the job with a call to
+     start(). This call might fail, in which case the SpecialJob
+     instance will have schedules its own destruction with a call to
+     QObject::deleteLater().
+
+     After result() is emitted, the SpecialJob will schedule its own
+     destruction by calling QObject::deleteLater().
+
+     Parameters are set using the Qt property system. More general, or
+     constructor parameters are given in the call to
+     Kleo::CryptoBackend::Protocol::specialJob().
+
+     The result is made available through the result signal, and
+     through the read-only result property, the latter of which needs
+     to be defined in each SpecialJob subclass.
+  */
+  class SpecialJob : public Job {
+    Q_OBJECT
+  protected:
+    SpecialJob( QObject * parent, const char * name );
+
+  public:
+   ~SpecialJob();
+
+    /**
+       Starts the special operation.
+    */
+    virtual GpgME::Error start() = 0;
+
+    virtual GpgME::Error exec() = 0;
+
+  signals:
+    void result( const GpgME::Error & result, const QVariant & data );
+  };
+
+}
+
+#endif // __KLEO_SPECIALJOB_H__
diff --git a/certmanager/lib/kleo/verifydetachedjob.h b/certmanager/lib/kleo/verifydetachedjob.h
new file mode 100644
index 000000000..f50fda546
--- /dev/null
+++ b/certmanager/lib/kleo/verifydetachedjob.h
@@ -0,0 +1,86 @@
+/*
+    verifydetachedjob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_VERIFYDETACHEDJOB_H__
+#define __KLEO_VERIFYDETACHEDJOB_H__
+
+#include "job.h"
+
+#include <qcstring.h>
+
+namespace GpgME {
+  class Error;
+  class Key;
+  class VerificationResult;
+}
+
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous verification of detached signatures
+
+     To use a VerifyDetachedJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the verification with a
+     call to start(). This call might fail, in which case the
+     VerifyDetachedJob instance will have scheduled it's own
+     destruction with a call to QObject::deleteLater().
+
+     After result() is emitted, the VerifyDetachedJob will schedule
+     it's own destruction by calling QObject::deleteLater().
+  */
+  class VerifyDetachedJob : public Job {
+    Q_OBJECT
+  protected:
+    VerifyDetachedJob( QObject * parent, const char * name );
+  public:
+    ~VerifyDetachedJob();
+
+    /**
+       Starts the verification operation. \a signature contains the
+       signature data, while \a signedData contains the data over
+       which the signature was made.
+    */
+    virtual GpgME::Error start( const QByteArray & signature,
+				const QByteArray & signedData ) = 0;
+
+    virtual GpgME::VerificationResult exec( const QByteArray & signature,
+					    const QByteArray & signedData ) = 0;
+
+  signals:
+    void result( const GpgME::VerificationResult & result );
+  };
+
+}
+
+#endif // __KLEO_VERIFYDETACHEDJOB_H__
diff --git a/certmanager/lib/kleo/verifyopaquejob.h b/certmanager/lib/kleo/verifyopaquejob.h
new file mode 100644
index 000000000..b38b18de1
--- /dev/null
+++ b/certmanager/lib/kleo/verifyopaquejob.h
@@ -0,0 +1,85 @@
+/*
+    verifyopaquejob.h
+
+    This file is part of libkleopatra, the KDE keymanagement library
+    Copyright (c) 2004 Klarälvdalens Datakonsult AB
+
+    Libkleopatra is free software; you can redistribute it and/or
+    modify it under the terms of the GNU General Public License as
+    published by the Free Software Foundation; either version 2 of the
+    License, or (at your option) any later version.
+
+    Libkleopatra is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+    In addition, as a special exception, the copyright holders give
+    permission to link the code of this program with any edition of
+    the Qt library by Trolltech AS, Norway (or with modified versions
+    of Qt that use the same license as Qt), and distribute linked
+    combinations including the two.  You must obey the GNU General
+    Public License in all respects for all of the code used other than
+    Qt.  If you modify this file, you may extend this exception to
+    your version of the file, but you are not obligated to do so.  If
+    you do not wish to do so, delete this exception statement from
+    your version.
+*/
+
+#ifndef __KLEO_VERIFYOPAQUEJOB_H__
+#define __KLEO_VERIFYOPAQUEJOB_H__
+
+#include "job.h"
+
+#include <qcstring.h>
+
+namespace GpgME {
+  class Error;
+  class Key;
+  class VerificationResult;
+}
+
+
+namespace Kleo {
+
+  /**
+     @short An abstract base class for asynchronous verification of opaque signatures
+
+     To use a VerifyOpaqueJob, first obtain an instance from the
+     CryptoBackend implementation, connect the progress() and result()
+     signals to suitable slots and then start the verification with a
+     call to start(). This call might fail, in which case the
+     VerifyOpaqueJob instance will have scheduled it's own
+     destruction with a call to QObject::deleteLater().
+
+     After result() is emitted, the VerifyOpaqueJob will schedule
+     it's own destruction by calling QObject::deleteLater().
+  */
+  class VerifyOpaqueJob : public Job {
+    Q_OBJECT
+  protected:
+    VerifyOpaqueJob( QObject * parent, const char * name );
+  public:
+    ~VerifyOpaqueJob();
+
+    /**
+       Starts the verification operation. \a signature contains the
+       signature data, while \a signedData contains the data over
+       which the signature was made.
+    */
+    virtual GpgME::Error start( const QByteArray & signedData ) = 0;
+
+    /** Synchronous version of @ref start */
+    virtual GpgME::VerificationResult exec( const QByteArray & signedData, QByteArray & plainText ) = 0;
+
+  signals:
+    void result( const GpgME::VerificationResult & result, const QByteArray & plainText );
+  };
+
+}
+
+#endif // __KLEO_VERIFYOPAQUEJOB_H__