diff --git a/src/kleo/keyresolver.cpp b/src/kleo/keyresolver.cpp
index 39b0a14..d0958db 100644
--- a/src/kleo/keyresolver.cpp
+++ b/src/kleo/keyresolver.cpp
@@ -1,751 +1,751 @@
 /*  -*- c++ -*-
     keyresolver.cpp
 
     This file is part of libkleopatra, the KDE keymanagement library
     Copyright (c) 2004 Klarälvdalens Datakonsult AB
     Copyright (c) 2018 Intevation GmbH
 
     Based on kpgp.cpp
     Copyright (C) 2001,2002 the KPGP authors
     See file libkdenetwork/AUTHORS.kpgp for details
 
     Libkleopatra is free software; you can redistribute it and/or
     modify it under the terms of the GNU General Public License as
     published by the Free Software Foundation; either version 2 of the
     License, or (at your option) any later version.
 
     Libkleopatra is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     General Public License for more details.
 
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
     In addition, as a special exception, the copyright holders give
     permission to link the code of this program with any edition of
     the Qt library by Trolltech AS, Norway (or with modified versions
     of Qt that use the same license as Qt), and distribute linked
     combinations including the two.  You must obey the GNU General
     Public License in all respects for all of the code used other than
     Qt.  If you modify this file, you may extend this exception to
     your version of the file, but you are not obligated to do so.  If
     you do not wish to do so, delete this exception statement from
     your version.
 */
 
 #include <gpgme++/key.h>
 
 #include "libkleo_debug.h"
 #include "keyresolver.h"
 #include "models/keycache.h"
 #include "utils/formatting.h"
 
 #include "ui/newkeyapprovaldialog.h"
 
 #include <QStringList>
 
 using namespace Kleo;
 
 namespace {
 
 static inline bool ValidEncryptionKey(const GpgME::Key &key)
 {
     if (key.isNull() || key.isRevoked() || key.isExpired() ||
         key.isDisabled() || !key.canEncrypt()) {
         return false;
     }
     return true;
 }
 
 static inline bool ValidSigningKey(const GpgME::Key &key)
 {
     if (key.isNull() || key.isRevoked() || key.isExpired() ||
         key.isDisabled() || !key.canSign() || !key.hasSecret()) {
         return false;
     }
     return true;
 }
 } // namespace
 
 class KeyResolver::Private
 {
 public:
     Private(KeyResolver* qq, bool enc, bool sig, CryptoMessageFormat fmt, bool allowMixed) :
             q(qq), mFormat(fmt), mEncrypt(enc), mSign(sig), mNag(true),
             mAllowMixed(allowMixed),
             mCache(KeyCache::instance()),
             mDialogWindowFlags(Qt::WindowFlags()),
             mPreferredProtocol(GpgME::UnknownProtocol),
             mMinimumValidity(GpgME::UserID::Marginal),
             mCompliance(Formatting::complianceMode())
     {
     }
 
     ~Private()
     {
     }
 
     bool isAcceptableSigningKey(const GpgME::Key &key)
     {
         if (!ValidSigningKey(key)) {
             return false;
         }
         if (mCompliance == QStringLiteral("de-vs")) {
             if (!Formatting::isKeyDeVs(key)) {
                 qCDebug(LIBKLEO_LOG) << "Rejected sig key" << key.primaryFingerprint()
                                      << "because it is not de-vs compliant.";
                 return false;
             }
         }
         return true;
     }
 
     bool isAcceptableEncryptionKey(const GpgME::Key &key, const QString &address = QString())
     {
         if (!ValidEncryptionKey(key)) {
             return false;
         }
 
         if (mCompliance == QStringLiteral("de-vs")) {
             if (!Formatting::isKeyDeVs(key)) {
                 qCDebug(LIBKLEO_LOG) << "Rejected enc key" << key.primaryFingerprint()
                                      << "because it is not de-vs compliant.";
                 return false;
             }
         }
 
         if (address.isEmpty()) {
             return true;
         }
         for (const auto &uid: key.userIDs()) {
             if (uid.addrSpec() == address.toStdString()) {
                 if (uid.validity() >= mMinimumValidity) {
                     return true;
                 }
             }
         }
         return false;
     }
 
     void addRecpients (const QStringList &addresses, bool hidden)
     {
         if (!mEncrypt) {
             return;
         }
 
         // Internally we work with normalized addresses. Normalization
         // matches the gnupg one.
         for (const auto &addr :addresses) {
             // PGP Uids are defined to be UTF-8 (RFC 4880 §5.11)
             const auto normalized = GpgME::UserID::addrSpecFromString (addr.toUtf8().constData());
             if (normalized.empty()) {
                 // should not happen bug in the caller, non localized
                 // error for bug reporting.
                 mFatalErrors << QStringLiteral("The mail address for '%1' could not be extracted").arg(addr);
                 continue;
             }
             const QString normStr = QString::fromUtf8(normalized.c_str());
 
             // Initially mark them as unresolved for both protocols
             if (!mUnresolvedCMS.contains(normStr)) {
                 mUnresolvedCMS << normStr;
             }
             if (!mUnresolvedPGP.contains(normStr)) {
                 mUnresolvedPGP << normStr;
             }
 
             // Add it to the according recipient lists
             if (hidden) {
                 mHiddenRecipients << normStr;
             } else {
                 mRecipients << normStr;
             }
         }
     }
 
     // Apply the overrides this is also where specific formats come in
     void resolveOverrides()
     {
         if (!mEncrypt) {
             // No encryption we are done.
             return;
         }
         for (CryptoMessageFormat fmt: mOverrides.keys()) {
             // Iterate over the crypto message formats
             if (mFormat != AutoFormat && mFormat != fmt && fmt != AutoFormat) {
                 // Skip overrides for the wrong format
                 continue;
             }
             for (const auto &addr: mOverrides[fmt].keys()) {
                 // For all address overrides of this format.
                 for (const auto &fprOrId: mOverrides[fmt][addr]) {
                     // For all the keys configured for this address.
                     const auto key = mCache->findByKeyIDOrFingerprint(fprOrId.toUtf8().constData());
                     if (key.isNull()) {
                         qCDebug (LIBKLEO_LOG) << "Failed to find override key for:" << addr
                             << "fpr:" << fprOrId;
                         continue;
                     }
 
                     // Now add it to the resolved keys and remove it from our list
                     // of unresolved keys.
                     QMap<CryptoMessageFormat, QMap <QString, std::vector<GpgME::Key> > > *targetMap;
                     if (mRecipients.contains(addr)) {
                         targetMap = &mEncKeys;
                     } else if (mHiddenRecipients.contains(addr)) {
                         targetMap = &mBccKeys;
                     } else {
                         qCWarning(LIBKLEO_LOG) << "Override provided for an address that is "
                             "neither sender nor recipient. Address: " << addr;
                         continue;
                     }
 
                     CryptoMessageFormat resolvedFmt = fmt;
                     if (fmt == AutoFormat) {
                         // Take the format from the key.
                         if (key.protocol() == GpgME::OpenPGP) {
                             resolvedFmt = AnyOpenPGP;
                         } else {
                             resolvedFmt = AnySMIME;
                         }
                     }
 
                     auto recpMap = targetMap->value(resolvedFmt);
                     auto keys = recpMap.value(addr);
                     keys.push_back(key);
                     recpMap.insert(addr, keys);
                     targetMap->insert(resolvedFmt, recpMap);
 
                     // Now we can remove it from our unresolved lists.
                     if (key.protocol() == GpgME::OpenPGP) {
                         mUnresolvedPGP.removeAll(addr);
                     } else {
                         mUnresolvedCMS.removeAll(addr);
                     }
                     qCDebug(LIBKLEO_LOG) << "Override" << addr << cryptoMessageFormatToString (fmt) << fprOrId;
                 }
             }
         }
     }
 
     void resolveSign(GpgME::Protocol proto)
     {
         auto fmt = proto == GpgME::OpenPGP ? AnyOpenPGP : AnySMIME;
         if (mSigKeys.contains(fmt)) {
             // Explicitly set
             return;
         }
         const auto keys = mCache->findBestByMailBox(mSender.toUtf8().constData(),
                                                     proto, true, false);
         for (const auto &key: keys) {
             if (key.isNull()) {
                 continue;
             }
             if (!isAcceptableSigningKey(key)) {
                 qCDebug(LIBKLEO_LOG) << "Unacceptable signing key" << key.primaryFingerprint()
                                      << "for" << mSender;
                 return;
             }
         }
 
         if (!keys.empty() && !keys[0].isNull()) {
             mSigKeys.insert(fmt, keys);
         }
     }
 
-    void setSigningKeys(const std::vector<GpgME::Key> keys)
+    void setSigningKeys(const std::vector<GpgME::Key> &keys)
     {
         if (mSign) {
             for (const auto &key: keys) {
                 const auto sigFmt = key.protocol() == GpgME::Protocol::OpenPGP ? AnyOpenPGP : AnySMIME;
                 auto list = mSigKeys.value(sigFmt);
                 list.push_back(key);
                 mSigKeys.insert(sigFmt, list);
             }
         }
     }
 
     // Try to find matching keys in the provided protocol for the unresolved addresses
     // only updates the any maps.
     void resolveEnc(GpgME::Protocol proto)
     {
         auto fmt = proto == GpgME::OpenPGP ? AnyOpenPGP : AnySMIME;
         auto encMap = mEncKeys.value(fmt);
         auto hiddenMap = mBccKeys.value(fmt);
         QMutableStringListIterator it((proto == GpgME::Protocol::OpenPGP) ? mUnresolvedPGP : mUnresolvedCMS);
         while (it.hasNext()) {
             const QString addr = it.next();
             const auto keys = mCache->findBestByMailBox(addr.toUtf8().constData(),
                                                         proto, false, true);
             if (keys.empty() || keys[0].isNull()) {
                 qCDebug(LIBKLEO_LOG) << "Failed to find any"
                                      << (proto == GpgME::Protocol::OpenPGP ? "OpenPGP" : "CMS")
                                      << "key for: " << addr;
                 continue;
             }
             if (keys.size() == 1) {
                 if (!isAcceptableEncryptionKey(keys[0], addr)) {
                     qCDebug(LIBKLEO_LOG) << "key for: " << addr << keys[0].primaryFingerprint()
                                          << "has not enough validity";
                     continue;
                 }
             } else {
                 // If we have one unacceptable group key we reject the
                 // whole group to avoid the situation where one key is
                 // skipped or the operation fails.
                 //
                 // We are in Autoresolve land here. In the GUI we
                 // will also show unacceptable group keys so that the
                 // user can see which key is not acceptable.
                 bool unacceptable = false;
                 for (const auto &key: keys) {
                     if (!isAcceptableEncryptionKey(key)) {
                         qCDebug(LIBKLEO_LOG) << "group key for: " << addr << keys[0].primaryFingerprint()
                                              << "has not enough validity";
                         unacceptable = true;
                         break;
                     }
                 }
                 if (unacceptable) {
                     continue;
                 }
             }
             if (mHiddenRecipients.contains(addr)) {
                 hiddenMap.insert(addr, keys);
             } else {
                 encMap.insert(addr, keys);
                 for (const auto &k: keys) {
                     if (!k.isNull()) {
                         qCDebug(LIBKLEO_LOG) << "Resolved encrypt to" << addr
                                              << "with key" << k.primaryFingerprint();
                     }
                 }
             }
             it.remove();
         }
         mEncKeys.insert(fmt, encMap);
         mBccKeys.insert(fmt, hiddenMap);
     }
 
     void encMapToSpecific(CryptoMessageFormat anyFormat, CryptoMessageFormat specificFormat,
                           QMap<CryptoMessageFormat, QMap<QString, std::vector<GpgME::Key> > >&encMap)
     {
         Q_ASSERT(anyFormat & specificFormat);
         if (!encMap.contains(anyFormat)) {
             return;
         }
         for (const auto &addr: encMap[anyFormat].keys()) {
             if (!encMap.contains(specificFormat)) {
                 encMap.insert(specificFormat, QMap<QString, std::vector<GpgME::Key> >());
             }
             encMap[specificFormat].insert(addr, encMap[anyFormat][addr]);
         }
         encMap.remove(anyFormat);
     }
 
     void reduceToSingle(CryptoMessageFormat targetFmt)
     {
         // We a have a specific format so we need to map any keys
         // into that format. This ignores overrides as the format
         // was explicitly set.
         CryptoMessageFormat srcFmt = (targetFmt & AnySMIME) ? AnySMIME : AnyOpenPGP;
         if (mSigKeys.contains(srcFmt)) {
             mSigKeys.insert(targetFmt, mSigKeys.take(srcFmt));
         }
         encMapToSpecific(srcFmt, targetFmt, mEncKeys);
         encMapToSpecific(srcFmt, targetFmt, mBccKeys);
     }
 
     void updateEncMap(QMap<QString, std::vector<GpgME::Key> > &target,
                       QMap<QString, std::vector<GpgME::Key> > &src)
     {
         for (const auto &addr: target.keys()) {
             if (src.contains(addr)) {
                 target.insert(addr, src[addr]);
             }
         }
     }
 
     void updateEncMaps(CryptoMessageFormat target, CryptoMessageFormat src)
     {
         if (mBccKeys.contains(src) && mBccKeys.contains(target)) {
             updateEncMap(mBccKeys[target], mBccKeys[src]);
         }
         if (mEncKeys.contains(src) && mEncKeys.contains(target)) {
             updateEncMap(mEncKeys[target], mEncKeys[src]);
         }
     }
 
     bool needsFormat(CryptoMessageFormat fmt)
     {
         return mBccKeys.contains(fmt) || mEncKeys.contains(fmt);
     }
 
     void selectFormats()
     {
         // Check if we can find a single common specific format that works
         if (mFormat != AutoFormat && mFormat != AnyOpenPGP && mFormat != AnySMIME) {
             reduceToSingle(mFormat);
         }
 
         // OpenPGP
         // By default prefer OpenPGPMIME
         bool needTwoPGP = needsFormat(OpenPGPMIMEFormat) && needsFormat(InlineOpenPGPFormat);
         reduceToSingle(OpenPGPMIMEFormat);
         if (needTwoPGP) {
             // We need two messages as we have conflicting preferences.
 
             // Then we need to check that if we sign the PGP MIME Message we
             // also sign the inline one.
             if (mSigKeys.contains(OpenPGPMIMEFormat)) {
                 mSigKeys.insert(InlineOpenPGPFormat,
                                 mSigKeys[OpenPGPMIMEFormat]);
             }
 
             // Then it's also possible that a user updated a key in the
             // UI so we need to check that too.
             updateEncMaps(InlineOpenPGPFormat, OpenPGPMIMEFormat);
         }
 
         // Similar for S/MIME
         bool needTwoSMIME = needsFormat(SMIMEOpaqueFormat) && needsFormat(SMIMEFormat);
         // Here we prefer real S/MIME
         reduceToSingle(SMIMEFormat);
         if (needTwoSMIME) {
             if (mSigKeys.contains(SMIMEFormat)) {
                 mSigKeys.insert(SMIMEOpaqueFormat,
                                 mSigKeys[SMIMEFormat]);
             }
             updateEncMaps(SMIMEOpaqueFormat, SMIMEFormat);
         }
         return;
     }
 
     void showApprovalDialog(QWidget *parent)
     {
         QMap<QString, std::vector<GpgME::Key> > resolvedSig;
         QStringList unresolvedSig;
         bool pgpOnly = mUnresolvedPGP.empty() && (!mSign || mSigKeys.contains(AnyOpenPGP));
         bool cmsOnly = mUnresolvedCMS.empty() && (!mSign || mSigKeys.contains(AnySMIME));
         // First handle the signing keys
         if (mSign) {
             if (mSigKeys.empty()) {
                 unresolvedSig << mSender;
             } else {
                 std::vector<GpgME::Key> resolvedSigKeys;
                 for (const auto &keys: mSigKeys) {
                     for (const auto &key: keys) {
                         if ((pgpOnly && key.protocol() != GpgME::OpenPGP) ||
                             (cmsOnly && key.protocol() != GpgME::CMS)) {
                             continue;
                         }
                         resolvedSigKeys.push_back(key);
                     }
                 }
                 resolvedSig.insert(mSender, resolvedSigKeys);
             }
         }
 
         // Now build the encryption keys
         QMap<QString, std::vector<GpgME::Key> > resolvedRecp;
         QStringList unresolvedRecp;
 
         if (mEncrypt) {
             // Use all unresolved recipients.
             if (!cmsOnly && !pgpOnly) {
                 if (mFormat & AutoFormat) {
                     // In Auto Format we can now remove recipients that could
                     // be resolved either through CMS or PGP
                     for (const auto &addr: mUnresolvedPGP) {
                         if (mUnresolvedCMS.contains(addr)) {
                             unresolvedRecp << addr;
                         }
                     }
                 } else if (mFormat & AnyOpenPGP) {
                     unresolvedRecp = mUnresolvedPGP;
                 } else if (mFormat & AnySMIME) {
                     unresolvedRecp = mUnresolvedCMS;
                 }
             }
 
             // Now Map all resolved encryption keys regardless of the format.
             for (const auto &map: mEncKeys.values()) {
                 // Foreach format
                 for (const auto &addr: map.keys()) {
                     // Foreach sender
                     if (!resolvedRecp.contains(addr) || !resolvedRecp[addr].size()) {
                         resolvedRecp.insert(addr, map[addr]);
                     } else {
                         qCDebug(LIBKLEO_LOG) << "Replacing resolved keys for" << addr
                                              << "with keys from new format.";
                         resolvedRecp[addr] = map[addr];
                     }
                 }
             }
         }
 
         // Do we force the protocol?
         GpgME::Protocol forcedProto = mFormat == AutoFormat ? GpgME::UnknownProtocol :
                                       mFormat & AnyOpenPGP ? GpgME::OpenPGP :
                                       GpgME::CMS;
 
         // Start with the protocol for which every keys could be found.
         GpgME::Protocol presetProtocol = pgpOnly ? GpgME::OpenPGP :
                                          cmsOnly ? GpgME::CMS :
                                          mPreferredProtocol;
 
         mDialog = std::shared_ptr<NewKeyApprovalDialog>(new NewKeyApprovalDialog(resolvedSig,
                                                                                  resolvedRecp,
                                                                                  unresolvedSig,
                                                                                  unresolvedRecp,
                                                                                  mSender,
                                                                                  mAllowMixed,
                                                                                  forcedProto,
                                                                                  presetProtocol,
                                                                                  parent,
                                                                                  mDialogWindowFlags));
         connect (mDialog.get(), &QDialog::accepted, q, [this] () {
             dialogAccepted();
         });
         connect (mDialog.get(), &QDialog::rejected, q, [this] () {
             Q_EMIT q->keysResolved(false, false);}
         );
         mDialog->open();
     }
 
     void dialogAccepted()
     {
         // Update keymaps accordingly
         mSigKeys.clear();
         for (const auto &key: mDialog->signingKeys()) {
             CryptoMessageFormat fmt = key.protocol() == GpgME::OpenPGP ? AnyOpenPGP : AnySMIME;
             if (!mSigKeys.contains(fmt)) {
                 mSigKeys.insert(fmt, std::vector<GpgME::Key>());
             }
             mSigKeys[fmt].push_back(key);
         }
         const auto &encMap = mDialog->encryptionKeys();
         // First we clear the Any Maps and fill them with
         // the results of the dialog. Then we use the sender
         // address to determine if a keys in the specific
         // maps need updating.
         mEncKeys.remove(AnyOpenPGP);
         mEncKeys.remove(AnySMIME);
         mBccKeys.remove(AnyOpenPGP);
         mBccKeys.remove(AnySMIME);
 
         bool isUnresolved = false;
         for (const auto &addr: encMap.keys()) {
             for (const auto &key: encMap[addr]) {
                 if (key.isNull()) {
                     isUnresolved = true;
                 }
                 CryptoMessageFormat fmt = key.protocol() == GpgME::OpenPGP ? AnyOpenPGP : AnySMIME;
                 // Should we add to hidden or normal?
                 QMap<CryptoMessageFormat, QMap<QString, std::vector<GpgME::Key> > > *targetMap =
                     mHiddenRecipients.contains(addr) ? &mBccKeys : &mEncKeys;
                 if (!targetMap->contains(fmt)) {
                     targetMap->insert(fmt, QMap<QString, std::vector<GpgME::Key> >());
                 }
 
                 if (!(*targetMap)[fmt].contains(addr)) {
                     (*targetMap)[fmt].insert(addr, std::vector<GpgME::Key>());
                 }
                 qCDebug (LIBKLEO_LOG) << "Adding" << addr << "for" << cryptoMessageFormatToString (fmt)
                                       << "fpr:" << key.primaryFingerprint();
 
                 (*targetMap)[fmt][addr].push_back(key);
             }
         }
 
         if (isUnresolved) {
             // TODO show warning
         }
 
         Q_EMIT q->keysResolved(true, false);
     }
 
     KeyResolver *q;
     QString mSender;
     QStringList mRecipients;
     QStringList mHiddenRecipients;
     QMap<CryptoMessageFormat, std::vector<GpgME::Key> > mSigKeys;
     QMap<CryptoMessageFormat, QMap<QString, std::vector<GpgME::Key> > >mEncKeys;
     QMap<CryptoMessageFormat, QMap<QString, std::vector<GpgME::Key> > >mBccKeys;
     QMap<CryptoMessageFormat, QMap<QString, QStringList> > mOverrides;
 
     QStringList mUnresolvedPGP, mUnresolvedCMS;
 
     CryptoMessageFormat mFormat;
     QStringList mFatalErrors;
     bool mEncrypt, mSign, mNag;
     bool mAllowMixed;
     // The cache is needed as a member variable to avoid rebuilding
     // it between calls if we are the only user.
     std::shared_ptr<const KeyCache> mCache;
     std::shared_ptr<NewKeyApprovalDialog> mDialog;
     Qt::WindowFlags mDialogWindowFlags;
     GpgME::Protocol mPreferredProtocol;
     int mMinimumValidity;
     QString mCompliance;
 };
 
 void KeyResolver::start(bool showApproval, QWidget *parentWidget)
 {
     qCDebug(LIBKLEO_LOG) << "Starting ";
     if (!d->mSign && !d->mEncrypt) {
         // nothing to do
         return Q_EMIT keysResolved(true, true);
     }
 
     // First resolve through overrides
     d->resolveOverrides();
 
     // Then look for signing / encryption keys
     if (d->mFormat & AnyOpenPGP) {
         d->resolveSign(GpgME::OpenPGP);
         d->resolveEnc(GpgME::OpenPGP);
     }
     bool pgpOnly = d->mUnresolvedPGP.empty() && (!d->mSign || d->mSigKeys.contains(AnyOpenPGP));
 
     if (d->mFormat & AnySMIME && !(d->mFormat == AutoFormat && pgpOnly)) {
         d->resolveSign(GpgME::CMS);
         d->resolveEnc(GpgME::CMS);
     }
     bool cmsOnly = d->mUnresolvedCMS.empty() && (!d->mSign || d->mSigKeys.contains(AnySMIME));
 
     // Check if we need the user to select different keys.
     bool needsUser = false;
     if (!pgpOnly && !cmsOnly) {
         for (const auto &unresolved: d->mUnresolvedPGP) {
             if (d->mUnresolvedCMS.contains(unresolved)) {
                 // We have at least one unresolvable key.
                 needsUser = true;
                 break;
             }
         }
         if (d->mSign) {
             // So every recipient could be resolved through
             // a combination of PGP and S/MIME do we also
             // have signing keys for both?
             needsUser |= !(d->mSigKeys.contains(AnyOpenPGP) &&
                            d->mSigKeys.contains(AnySMIME));
         }
     }
 
     if (!needsUser && !showApproval) {
         if (pgpOnly) {
             d->mSigKeys.remove(AnySMIME);
             d->mEncKeys.remove(AnySMIME);
             d->mBccKeys.remove(AnySMIME);
         }
         if (cmsOnly) {
             d->mSigKeys.remove(AnyOpenPGP);
             d->mEncKeys.remove(AnyOpenPGP);
             d->mBccKeys.remove(AnyOpenPGP);
         }
 
         d->selectFormats();
         qCDebug(LIBKLEO_LOG) << "Automatic key resolution done.";
         Q_EMIT keysResolved(true, false);
         return;
     } else if (!needsUser) {
         qCDebug(LIBKLEO_LOG) << "No need for the user showing approval anyway.";
     }
 
     d->showApprovalDialog(parentWidget);
 }
 
 KeyResolver::KeyResolver(bool encrypt, bool sign, CryptoMessageFormat fmt, bool allowMixed) :
     d(new Private(this, encrypt, sign, fmt, allowMixed))
 {
 }
 
 void KeyResolver::setRecipients(const QStringList &addresses)
 {
     d->addRecpients(addresses, false);
 }
 
 void KeyResolver::setSender(const QString &address)
 {
     const auto normalized = GpgME::UserID::addrSpecFromString (address.toUtf8().constData());
     if (normalized.empty()) {
         // should not happen bug in the caller, non localized
         // error for bug reporting.
         d->mFatalErrors << QStringLiteral("The sender address '%1' could not be extracted").arg(address);
         return;
     }
     const auto normStr = QString::fromUtf8(normalized.c_str());
     if (d->mSign) {
         d->mSender = normStr;
     }
     if (d->mEncrypt) {
         if (!d->mUnresolvedCMS.contains(normStr)) {
             d->mUnresolvedCMS << normStr;
         }
         if (!d->mUnresolvedPGP.contains(normStr)) {
             d->mUnresolvedPGP << normStr;
         }
     }
 }
 
 void KeyResolver::setHiddenRecipients(const QStringList &addresses)
 {
     d->addRecpients(addresses, true);
 }
 
 void KeyResolver::setOverrideKeys(const QMap<CryptoMessageFormat, QMap<QString, QStringList> > &overrides)
 {
     QMap<QString, QStringList> normalizedOverrides;
     for (const auto fmt: overrides.keys()) {
         for (const auto &addr: overrides[fmt].keys()) {
             const auto normalized = QString::fromUtf8(
                     GpgME::UserID::addrSpecFromString (addr.toUtf8().constData()).c_str());
             const auto fingerprints = overrides[fmt][addr];
             normalizedOverrides.insert(addr, fingerprints);
         }
         d->mOverrides.insert(fmt, normalizedOverrides);
     }
 }
 
 QMap <CryptoMessageFormat, QMap<QString, std::vector<GpgME::Key> > > KeyResolver::encryptionKeys() const
 {
     return d->mEncKeys;
 }
 
 QMap <CryptoMessageFormat, QMap<QString, std::vector<GpgME::Key> > > KeyResolver::hiddenKeys() const
 {
     return d->mBccKeys;
 }
 
 QMap <CryptoMessageFormat, std::vector<GpgME::Key> > KeyResolver::signingKeys() const
 {
     return d->mSigKeys;
 }
 
 QMap <CryptoMessageFormat, QMap<QString, QStringList> > KeyResolver::overrideKeys() const
 {
     return d->mOverrides;
 }
 
 void KeyResolver::enableNagging(bool value)
 {
     d->mNag = value;
 }
 
 void KeyResolver::setDialogWindowFlags(Qt::WindowFlags flags)
 {
     d->mDialogWindowFlags = flags;
 }
 
 void KeyResolver::setPreferredProtocol(GpgME::Protocol proto)
 {
     d->mPreferredProtocol = proto;
 }
 
 void KeyResolver::setMinimumValidity(int validity)
 {
     d->mMinimumValidity = validity;
 }
diff --git a/src/models/keycache.cpp b/src/models/keycache.cpp
index bcf76c7..c155fa8 100644
--- a/src/models/keycache.cpp
+++ b/src/models/keycache.cpp
@@ -1,1300 +1,1300 @@
 /* -*- mode: c++; c-basic-offset:4 -*-
     models/keycache.cpp
 
     This file is part of Kleopatra, the KDE keymanager
     Copyright (c) 2007,2008 Klarälvdalens Datakonsult AB
                   2018 Intevation GmbH
 
     Kleopatra is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation; either version 2 of the License, or
     (at your option) any later version.
 
     Kleopatra is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     General Public License for more details.
 
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
     In addition, as a special exception, the copyright holders give
     permission to link the code of this program with any edition of
     the Qt library by Trolltech AS, Norway (or with modified versions
     of Qt that use the same license as Qt), and distribute linked
     combinations including the two.  You must obey the GNU General
     Public License in all respects for all of the code used other than
     Qt.  If you modify this file, you may extend this exception to
     your version of the file, but you are not obligated to do so.  If
     you do not wish to do so, delete this exception statement from
     your version.
 */
 
 #include "keycache.h"
 #include "keycache_p.h"
 
 #include "libkleo_debug.h"
 
 #include "kleo/predicates.h"
 #include "kleo/stl_util.h"
 #include "kleo/dn.h"
 #include "utils/filesystemwatcher.h"
 
 #include <gpgme++/gpgmepp_version.h>
 #include <gpgme++/error.h>
 #include <gpgme++/key.h>
 #include <gpgme++/decryptionresult.h>
 #include <gpgme++/verificationresult.h>
 #include <gpgme++/keylistresult.h>
 
 #include <qgpgme/protocol.h>
 #include <qgpgme/listallkeysjob.h>
 #include <qgpgme/cryptoconfig.h>
 
 #include <gpg-error.h>
 
 //#include <kmime/kmime_header_parsing.h>
 
 
 #include <QPointer>
 #include <QTimer>
 #include <QEventLoop>
 
 #include <utility>
 #include <algorithm>
 #include <functional>
 #include <iterator>
 
 using namespace Kleo;
 using namespace GpgME;
 using namespace KMime::Types;
 
 static const unsigned int hours2ms = 1000 * 60 * 60;
 
 //
 //
 // KeyCache
 //
 //
 
 namespace
 {
 
 make_comparator_str(ByEMail, .first.c_str());
 
 }
 
 class KeyCache::Private
 {
     friend class ::Kleo::KeyCache;
     KeyCache *const q;
 public:
     explicit Private(KeyCache *qq) : q(qq), m_refreshInterval(1), m_initalized(false), m_pgpOnly(true)
     {
         connect(&m_autoKeyListingTimer, &QTimer::timeout, q, [this]() { q->startKeyListing(); });
         updateAutoKeyListingTimer();
     }
 
     ~Private()
     {
         if (m_refreshJob) {
             m_refreshJob->cancel();
         }
     }
 
     template < template <template <typename U> class Op> class Comp>
     std::vector<Key>::const_iterator find(const std::vector<Key> &keys, const char *key) const
     {
         ensureCachePopulated();
         const std::vector<Key>::const_iterator it =
             std::lower_bound(keys.begin(), keys.end(), key, Comp<std::less>());
         if (it == keys.end() || Comp<std::equal_to>()(*it, key)) {
             return it;
         } else {
             return keys.end();
         }
     }
 
     template < template <template <typename U> class Op> class Comp>
     std::vector<Subkey>::const_iterator find(const std::vector<Subkey> &keys, const char *key) const
     {
         ensureCachePopulated();
         const std::vector<Subkey>::const_iterator it =
             std::lower_bound(keys.begin(), keys.end(), key, Comp<std::less>());
         if (it == keys.end() || Comp<std::equal_to>()(*it, key)) {
             return it;
         } else {
             return keys.end();
         }
     }
 
     std::vector<Key>::const_iterator find_fpr(const char *fpr) const
     {
         return find<_detail::ByFingerprint>(by.fpr, fpr);
     }
 
     std::pair< std::vector< std::pair<std::string, Key> >::const_iterator,
         std::vector< std::pair<std::string, Key> >::const_iterator >
         find_email(const char *email) const
     {
         ensureCachePopulated();
         return std::equal_range(by.email.begin(), by.email.end(),
                                 email, ByEMail<std::less>());
     }
 
     std::vector<Key> find_mailbox(const QString &email, bool sign) const;
 
     std::vector<Subkey>::const_iterator find_subkeyid(const char *subkeyid) const
     {
         return find<_detail::ByKeyID>(by.subkeyid, subkeyid);
     }
 
     std::vector<Key>::const_iterator find_keyid(const char *keyid) const
     {
         return find<_detail::ByKeyID>(by.keyid, keyid);
     }
 
     std::vector<Key>::const_iterator find_shortkeyid(const char *shortkeyid) const
     {
         return find<_detail::ByShortKeyID>(by.shortkeyid, shortkeyid);
     }
 
     std::pair <
     std::vector<Key>::const_iterator,
         std::vector<Key>::const_iterator
         > find_subjects(const char *chain_id) const
     {
         ensureCachePopulated();
         return std::equal_range(by.chainid.begin(), by.chainid.end(),
                                 chain_id, _detail::ByChainID<std::less>());
     }
 
     void refreshJobDone(const KeyListResult &result);
 
     void setRefreshInterval(int interval)
     {
         m_refreshInterval = interval;
         updateAutoKeyListingTimer();
     }
 
     int refreshInterval() const
     {
         return m_refreshInterval;
     }
 
     void updateAutoKeyListingTimer()
     {
         setAutoKeyListingInterval(hours2ms * m_refreshInterval);
     }
     void setAutoKeyListingInterval(int ms)
     {
         m_autoKeyListingTimer.stop();
         m_autoKeyListingTimer.setInterval(ms);
         if (ms != 0) {
             m_autoKeyListingTimer.start();
         }
     }
 
     void ensureCachePopulated() const;
 
     void updateGroupCache() {
 
 #if GPGMEPP_VERSION < 0x10900 // 1.9.0
         // In GPGME before 1.9.0 string lists are
         // broken from cryptoconfig.
         return;
 #else
         // Update Group Keys
         // this is a quick thing as it only involves reading the config
         // so no need for a job.
 
         // According to Werner Koch groups are more of a hack to solve
         // a valid usecase (e.g. several keys defined for an internal mailing list)
         // that won't make it in the proper keylist interface. And using gpgconf
         // was the suggested way to support groups.
         auto conf = QGpgME::cryptoConfig();
         if (!conf) {
             return;
         }
 
         auto entry = conf->entry(QStringLiteral("gpg"),
                                  QStringLiteral("Configuration"),
                                  QStringLiteral("group"));
         if (!entry) {
             return;
         }
 
         m_groups.clear();
         for (const auto &value: entry->stringValueList()) {
             const auto split = value.split(QLatin1Char('='));
             if (split.size() != 2) {
                 qCDebug (LIBKLEO_LOG) << "Ignoring invalid group config:" << value;
                 continue;
             }
             const auto name = split[0];
             const auto key = q->findByFingerprint(split[1].toLatin1().constData());
             if (key.isNull()) {
                 qCDebug (LIBKLEO_LOG) << "Ignoring unknown fingerprint:" << split[1] << "in group" << name;
                 continue;
             }
             auto vec = m_groups.value(name);
             vec.push_back(key);
             m_groups.insert(name, vec);
         }
 #endif
     }
 
 private:
     QPointer<RefreshKeysJob> m_refreshJob;
     std::vector<std::shared_ptr<FileSystemWatcher> > m_fsWatchers;
     QTimer m_autoKeyListingTimer;
     int m_refreshInterval;
 
     struct By {
         std::vector<Key> fpr, keyid, shortkeyid, chainid;
         std::vector< std::pair<std::string, Key> > email;
         std::vector<Subkey> subkeyid;
     } by;
     bool m_initalized;
     bool m_pgpOnly;
     QMap <QString, std::vector<Key> > m_groups;
 };
 
 std::shared_ptr<const KeyCache> KeyCache::instance()
 {
     return mutableInstance();
 }
 
 std::shared_ptr<KeyCache> KeyCache::mutableInstance()
 {
     static std::weak_ptr<KeyCache> self;
     try {
         return std::shared_ptr<KeyCache>(self);
     } catch (const std::bad_weak_ptr &) {
         const std::shared_ptr<KeyCache> s(new KeyCache);
         self = s;
         return s;
     }
 }
 
 KeyCache::KeyCache()
     : QObject(), d(new Private(this))
 {
 
 }
 
 KeyCache::~KeyCache() {}
 
 void KeyCache::enableFileSystemWatcher(bool enable)
 {
     for (const auto &i : qAsConst(d->m_fsWatchers)) {
         i->setEnabled(enable);
     }
 }
 
 void KeyCache::setRefreshInterval(int hours)
 {
     d->setRefreshInterval(hours);
 }
 
 int KeyCache::refreshInterval() const
 {
     return d->refreshInterval();
 }
 
 void KeyCache::reload(GpgME::Protocol /*proto*/)
 {
     if (d->m_refreshJob) {
         return;
     }
 
     d->updateAutoKeyListingTimer();
 
     enableFileSystemWatcher(false);
     d->m_refreshJob = new RefreshKeysJob(this);
     connect(d->m_refreshJob.data(), &RefreshKeysJob::done,
             this, [this](const GpgME::KeyListResult &r) {
                 d->refreshJobDone(r);
             });
     d->m_refreshJob->start();
 }
 
 void KeyCache::cancelKeyListing()
 {
     if (!d->m_refreshJob) {
         return;
     }
     d->m_refreshJob->cancel();
 }
 
 void KeyCache::addFileSystemWatcher(const std::shared_ptr<FileSystemWatcher> &watcher)
 {
     if (!watcher) {
         return;
     }
     d->m_fsWatchers.push_back(watcher);
     connect(watcher.get(), &FileSystemWatcher::directoryChanged,
             this, [this]() { startKeyListing(); });
     connect(watcher.get(), &FileSystemWatcher::fileChanged,
             this, [this]() { startKeyListing(); });
 
     watcher->setEnabled(d->m_refreshJob.isNull());
 }
 
 void KeyCache::Private::refreshJobDone(const KeyListResult &result)
 {
     q->enableFileSystemWatcher(true);
     m_initalized = true;
     updateGroupCache();
     Q_EMIT q->keyListingDone(result);
 }
 
 const Key &KeyCache::findByFingerprint(const char *fpr) const
 {
     const std::vector<Key>::const_iterator it = d->find_fpr(fpr);
     if (it == d->by.fpr.end()) {
         static const Key null;
         return null;
     } else {
         return *it;
     }
 }
 
 const Key &KeyCache::findByFingerprint(const std::string &fpr) const
 {
     return findByFingerprint(fpr.c_str());
 }
 
 std::vector<Key> KeyCache::findByEMailAddress(const char *email) const
 {
     const auto pair = d->find_email(email);
     std::vector<Key> result;
     result.reserve(std::distance(pair.first, pair.second));
     std::transform(pair.first, pair.second,
                    std::back_inserter(result),
                    [](const std::pair<std::string, Key> &pair) {
                        return pair.second;
                    });
     return result;
 }
 
 std::vector<Key> KeyCache::findByEMailAddress(const std::string &email) const
 {
     return findByEMailAddress(email.c_str());
 }
 
 const Key &KeyCache::findByShortKeyID(const char *id) const
 {
     const std::vector<Key>::const_iterator it = d->find_shortkeyid(id);
     if (it != d->by.shortkeyid.end()) {
         return *it;
     }
     static const Key null;
     return null;
 }
 
 const Key &KeyCache::findByShortKeyID(const std::string &id) const
 {
     return findByShortKeyID(id.c_str());
 }
 
 const Key &KeyCache::findByKeyIDOrFingerprint(const char *id) const
 {
     {
         // try by.fpr first:
         const std::vector<Key>::const_iterator it = d->find_fpr(id);
         if (it != d->by.fpr.end()) {
             return *it;
         }
     }{
         // try by.keyid next:
         const std::vector<Key>::const_iterator it = d->find_keyid(id);
         if (it != d->by.keyid.end()) {
             return *it;
         }
     }
     static const Key null;
     return null;
 }
 
 const Key &KeyCache::findByKeyIDOrFingerprint(const std::string &id) const
 {
     return findByKeyIDOrFingerprint(id.c_str());
 }
 
 std::vector<Key> KeyCache::findByKeyIDOrFingerprint(const std::vector<std::string> &ids) const
 {
 
     std::vector<std::string> keyids;
     std::remove_copy_if(ids.begin(), ids.end(), std::back_inserter(keyids),
                         [](const std::string &str) {
                             return !str.c_str() || !*str.c_str();
                         });
 
     // this is just case-insensitive string search:
     std::sort(keyids.begin(), keyids.end(), _detail::ByFingerprint<std::less>());
 
     std::vector<Key> result;
     result.reserve(keyids.size());   // dups shouldn't happen
     d->ensureCachePopulated();
 
     kdtools::set_intersection(d->by.fpr.begin(), d->by.fpr.end(),
                               keyids.begin(), keyids.end(),
                               std::back_inserter(result),
                               _detail::ByFingerprint<std::less>());
     if (result.size() < keyids.size()) {
         // note that By{Fingerprint,KeyID,ShortKeyID} define the same
         // order for _strings_
         kdtools::set_intersection(d->by.keyid.begin(), d->by.keyid.end(),
                                   keyids.begin(), keyids.end(),
                                   std::back_inserter(result),
                                   _detail::ByKeyID<std::less>());
     }
     // duplicates shouldn't happen, but make sure nonetheless:
     std::sort(result.begin(), result.end(), _detail::ByFingerprint<std::less>());
     result.erase(std::unique(result.begin(), result.end(), _detail::ByFingerprint<std::equal_to>()), result.end());
 
     // we skip looking into short key ids here, as it's highly
     // unlikely they're used for this purpose. We might need to revise
     // this decision, but only after testing.
     return result;
 }
 
 std::vector<Subkey> KeyCache::findSubkeysByKeyID(const std::vector<std::string> &ids) const
 {
     std::vector<std::string> sorted;
     sorted.reserve(ids.size());
     std::remove_copy_if(ids.begin(), ids.end(), std::back_inserter(sorted),
                         [](const std::string &str) {
                             return !str.c_str() || !*str.c_str();
                         });
 
     std::sort(sorted.begin(), sorted.end(), _detail::ByKeyID<std::less>());
 
     std::vector<Subkey> result;
     d->ensureCachePopulated();
     kdtools::set_intersection(d->by.subkeyid.begin(), d->by.subkeyid.end(),
                               sorted.begin(), sorted.end(),
                               std::back_inserter(result),
                               _detail::ByKeyID<std::less>());
     return result;
 }
 
 std::vector<Key> KeyCache::findRecipients(const DecryptionResult &res) const
 {
     std::vector<std::string> keyids;
     Q_FOREACH (const DecryptionResult::Recipient &r, res.recipients())
         if (const char *kid = r.keyID()) {
             keyids.push_back(kid);
         }
     const std::vector<Subkey> subkeys = findSubkeysByKeyID(keyids);
     std::vector<Key> result;
     result.reserve(subkeys.size());
     std::transform(subkeys.begin(), subkeys.end(), std::back_inserter(result),
                    std::mem_fn(&Subkey::parent));
 
     std::sort(result.begin(), result.end(), _detail::ByFingerprint<std::less>());
     result.erase(std::unique(result.begin(), result.end(), _detail::ByFingerprint<std::equal_to>()), result.end());
     return result;
 }
 
 std::vector<Key> KeyCache::findSigners(const VerificationResult &res) const
 {
     std::vector<std::string> fprs;
     Q_FOREACH (const Signature &s, res.signatures())
         if (const char *fpr = s.fingerprint()) {
             fprs.push_back(fpr);
         }
     return findByKeyIDOrFingerprint(fprs);
 }
 
 std::vector<Key> KeyCache::findSigningKeysByMailbox(const QString &mb) const
 {
     return d->find_mailbox(mb, true);
 }
 
 std::vector<Key> KeyCache::findEncryptionKeysByMailbox(const QString &mb) const
 {
     return d->find_mailbox(mb, false);
 }
 
 namespace
 {
 #define DO( op, meth, meth2 ) if ( op key.meth() ) {} else { qDebug( "rejecting for signing: %s: %s", #meth2, key.primaryFingerprint() ); return false; }
 #define ACCEPT( meth ) DO( !!, meth, !meth )
 #define REJECT( meth ) DO( !, meth, meth )
 struct ready_for_signing : std::unary_function<Key, bool> {
     bool operator()(const Key &key) const
     {
 #if 1
         ACCEPT(hasSecret);
         ACCEPT(canReallySign);
         REJECT(isRevoked);
         REJECT(isExpired);
         REJECT(isDisabled);
         REJECT(isInvalid);
         return true;
 #else
         return key.hasSecret() &&
                key.canReallySign() && !key.isRevoked() && !key.isExpired() && !key.isDisabled() && !key.isInvalid();
 #endif
 #undef DO
     }
 };
 
 struct ready_for_encryption : std::unary_function<Key, bool> {
 #define DO( op, meth, meth2 ) if ( op key.meth() ) {} else { qDebug( "rejecting for encrypting: %s: %s", #meth2, key.primaryFingerprint() ); return false; }
     bool operator()(const Key &key) const
     {
 #if 1
         ACCEPT(canEncrypt);
         REJECT(isRevoked);
         REJECT(isExpired);
         REJECT(isDisabled);
         REJECT(isInvalid);
         return true;
 #else
         return
             key.canEncrypt()    && !key.isRevoked() && !key.isExpired() && !key.isDisabled() && !key.isInvalid();
 #endif
     }
 #undef DO
 #undef ACCEPT
 #undef REJECT
 };
 }
 
 std::vector<Key> KeyCache::Private::find_mailbox(const QString &email, bool sign) const
 {
     if (email.isEmpty()) {
         return std::vector<Key>();
     }
 
     const auto pair = find_email(email.toUtf8().constData());
     std::vector<Key> result;
     result.reserve(std::distance(pair.first, pair.second));
     if (sign)
         kdtools::copy_2nd_if(pair.first, pair.second,
                              std::back_inserter(result),
                              ready_for_signing());
     else
         kdtools::copy_2nd_if(pair.first, pair.second,
                              std::back_inserter(result),
                              ready_for_encryption());
 
     return result;
 }
 
 std::vector<Key> KeyCache::findSubjects(const GpgME::Key &key, Options options) const
 {
     return findSubjects(std::vector<Key>(1, key), options);
 }
 
 std::vector<Key> KeyCache::findSubjects(const std::vector<Key> &keys, Options options) const
 {
     return findSubjects(keys.begin(), keys.end(), options);
 }
 
 std::vector<Key> KeyCache::findSubjects(std::vector<Key>::const_iterator first, std::vector<Key>::const_iterator last, Options options) const
 {
 
     if (first == last) {
         return std::vector<Key>();
     }
 
     std::vector<Key> result;
     while (first != last) {
         const auto pair = d->find_subjects(first->primaryFingerprint());
         result.insert(result.end(), pair.first, pair.second);
         ++first;
     }
 
     std::sort(result.begin(), result.end(), _detail::ByFingerprint<std::less>());
     result.erase(std::unique(result.begin(), result.end(), _detail::ByFingerprint<std::equal_to>()), result.end());
 
     if (options & RecursiveSearch) {
         const std::vector<Key> furtherSubjects = findSubjects(result, options);
         std::vector<Key> combined;
         combined.reserve(result.size() + furtherSubjects.size());
         std::merge(result.begin(), result.end(),
                    furtherSubjects.begin(), furtherSubjects.end(),
                    std::back_inserter(combined),
                    _detail::ByFingerprint<std::less>());
         combined.erase(std::unique(combined.begin(), combined.end(), _detail::ByFingerprint<std::equal_to>()), combined.end());
         result.swap(combined);
     }
 
     return result;
 }
 
 std::vector<Key> KeyCache::findIssuers(const Key &key, Options options) const
 {
 
     if (key.isNull()) {
         return std::vector<Key>();
     }
 
     std::vector<Key> result;
     if (options & IncludeSubject) {
         result.push_back(key);
     }
 
     if (key.isRoot()) {
         return result;
     }
 
     const Key &issuer = findByFingerprint(key.chainID());
 
     if (issuer.isNull()) {
         return result;
     }
 
     result.push_back(issuer);
 
     if (!(options & RecursiveSearch)) {
         return result;
     }
 
     while (!result.back().isNull() && !result.back().isRoot()) {
         result.push_back(findByFingerprint(result.back().chainID()));
     }
 
     if (result.back().isNull()) {
         result.pop_back();
     }
 
     return result;
 }
 
 std::vector<Key> KeyCache::findIssuers(const std::vector<Key> &keys, Options options) const
 {
     return findIssuers(keys.begin(), keys.end(), options);
 }
 
 std::vector<Key> KeyCache::findIssuers(std::vector<Key>::const_iterator first, std::vector<Key>::const_iterator last, Options options) const
 {
 
     if (first == last) {
         return std::vector<Key>();
     }
 
     // extract chain-ids, identifying issuers:
     std::vector<const char *> chainIDs;
     chainIDs.reserve(last - first);
     kdtools::transform_if(first, last, std::back_inserter(chainIDs),
                           std::mem_fn(&Key::chainID),
                           [](const Key &key) { return !key.isRoot(); });
     std::sort(chainIDs.begin(), chainIDs.end(), _detail::ByFingerprint<std::less>());
 
     const auto lastUniqueChainID = std::unique(chainIDs.begin(), chainIDs.end(), _detail::ByFingerprint<std::less>());
 
     std::vector<Key> result;
     result.reserve(lastUniqueChainID - chainIDs.begin());
 
     d->ensureCachePopulated();
 
     kdtools::set_intersection(d->by.fpr.begin(), d->by.fpr.end(),
                               chainIDs.begin(), lastUniqueChainID,
                               std::back_inserter(result),
                               _detail::ByFingerprint<std::less>());
 
     if (options & IncludeSubject) {
         const unsigned int rs = result.size();
         result.insert(result.end(), first, last);
         std::inplace_merge(result.begin(), result.begin() + rs, result.end(),
                            _detail::ByFingerprint<std::less>());
     }
 
     if (!(options & RecursiveSearch)) {
         return result;
     }
 
     const std::vector<Key> l2result = findIssuers(result, options & ~IncludeSubject);
 
     const unsigned long result_size = result.size();
     result.insert(result.end(), l2result.begin(), l2result.end());
     std::inplace_merge(result.begin(), result.begin() + result_size, result.end(),
                        _detail::ByFingerprint<std::less>());
     return result;
 }
 
 static std::string email(const UserID &uid)
 {
     // Prefer the gnupg normalized one
     const std::string addr = uid.addrSpec();
     if (!addr.empty()) {
         return addr;
     }
     const std::string email = uid.email();
     if (email.empty()) {
         return DN(uid.id())[QStringLiteral("EMAIL")].trimmed().toUtf8().constData();
     }
     if (email[0] == '<' && email[email.size() - 1] == '>') {
         return email.substr(1, email.size() - 2);
     } else {
         return email;
     }
 }
 
 static std::vector<std::string> emails(const Key &key)
 {
     std::vector<std::string> emails;
     Q_FOREACH (const UserID &uid, key.userIDs()) {
         const std::string e = email(uid);
         if (!e.empty()) {
             emails.push_back(e);
         }
     }
     std::sort(emails.begin(), emails.end(), ByEMail<std::less>());
     emails.erase(std::unique(emails.begin(), emails.end(), ByEMail<std::equal_to>()), emails.end());
     return emails;
 }
 
 void KeyCache::remove(const Key &key)
 {
     if (key.isNull()) {
         return;
     }
 
     const char *fpr = key.primaryFingerprint();
     if (!fpr) {
         return;
     }
 
     Q_EMIT aboutToRemove(key);
 
     {
         const auto range = std::equal_range(d->by.fpr.begin(), d->by.fpr.end(), fpr,
                                             _detail::ByFingerprint<std::less>());
         d->by.fpr.erase(range.first, range.second);
     }
 
     if (const char *keyid = key.keyID()) {
         const auto range = std::equal_range(d->by.keyid.begin(), d->by.keyid.end(), keyid,
                                             _detail::ByKeyID<std::less>());
         const auto it = std::remove_if(range.first, range.second,
                                        [fpr](const GpgME::Key &key) {
                                            return _detail::ByFingerprint<std::equal_to>()(fpr, key);
                                        });
         d->by.keyid.erase(it, range.second);
     }
 
     if (const char *shortkeyid = key.shortKeyID()) {
         const auto range = std::equal_range(d->by.shortkeyid.begin(), d->by.shortkeyid.end(), shortkeyid,
                                             _detail::ByShortKeyID<std::less>());
         const auto it = std::remove_if(range.first, range.second,
                                        [fpr](const GpgME::Key &key) {
                                            return _detail::ByFingerprint<std::equal_to>()(fpr, key);
                                        });
         d->by.shortkeyid.erase(it, range.second);
     }
 
     if (const char *chainid = key.chainID()) {
         const auto range = std::equal_range(d->by.chainid.begin(), d->by.chainid.end(), chainid,
                                             _detail::ByChainID<std::less>());
         const auto range2 = std::equal_range(range.first, range.second, fpr, _detail::ByFingerprint<std::less>());
         d->by.chainid.erase(range2.first, range2.second);
     }
 
     Q_FOREACH (const std::string &email, emails(key)) {
         const auto range = std::equal_range(d->by.email.begin(), d->by.email.end(), email, ByEMail<std::less>());
         const auto it = std::remove_if(range.first, range.second,
                                        [fpr](const std::pair<std::string, Key> &pair) {
                                            return qstricmp(fpr, pair.second.primaryFingerprint()) == 0;
                                        });
         d->by.email.erase(it, range.second);
     }
 
     Q_FOREACH (const Subkey &subkey, key.subkeys()) {
         if (const char *keyid = subkey.keyID()) {
             const auto range = std::equal_range(d->by.subkeyid.begin(), d->by.subkeyid.end(), keyid,
                                                 _detail::ByKeyID<std::less>());
             const auto range2 = std::equal_range(range.first, range.second, fpr, _detail::ByKeyID<std::less>());
             d->by.subkeyid.erase(range2.first, range2.second);
         }
     }
 }
 
 void KeyCache::remove(const std::vector<Key> &keys)
 {
     for (const Key &key : keys) {
         remove(key);
     }
 }
 
 const std::vector<GpgME::Key> &KeyCache::keys() const
 {
     d->ensureCachePopulated();
     return d->by.fpr;
 }
 
 std::vector<Key> KeyCache::secretKeys() const
 {
     std::vector<Key> keys = this->keys();
     keys.erase(std::remove_if(keys.begin(), keys.end(),
                               [](const Key &key) { return !key.hasSecret(); }),
                keys.end());
     return keys;
 }
 
 void KeyCache::refresh(const std::vector<Key> &keys)
 {
     // make this better...
     clear();
     insert(keys);
 }
 
 void KeyCache::insert(const Key &key)
 {
     insert(std::vector<Key>(1, key));
 }
 
 namespace
 {
 
 template <
     template <template <typename T> class Op> class T1,
     template <template <typename T> class Op> class T2
     > struct lexicographically
 {
     typedef bool result_type;
 
     template <typename U, typename V>
     bool operator()(const U &lhs, const V &rhs) const
     {
         return
             T1<std::less>()(lhs, rhs) ||
             (T1<std::equal_to>()(lhs, rhs) &&
              T2<std::less>()(lhs, rhs))
             ;
     }
 };
 
 }
 
 void KeyCache::insert(const std::vector<Key> &keys)
 {
 
     // 1. remove those with empty fingerprints:
     std::vector<Key> sorted;
     sorted.reserve(keys.size());
     std::remove_copy_if(keys.begin(), keys.end(),
                         std::back_inserter(sorted),
                         [](const Key &key) {
                             auto fp = key.primaryFingerprint();
                             return !fp|| !*fp;
                         });
 
     Q_FOREACH (const Key &key, sorted) {
         remove(key);    // this is sub-optimal, but makes implementation from here on much easier
     }
 
     // 2. sort by fingerprint:
     std::sort(sorted.begin(), sorted.end(), _detail::ByFingerprint<std::less>());
 
     // 2a. insert into fpr index:
     std::vector<Key> by_fpr;
     by_fpr.reserve(sorted.size() + d->by.fpr.size());
     std::merge(sorted.begin(), sorted.end(),
                d->by.fpr.begin(), d->by.fpr.end(),
                std::back_inserter(by_fpr),
                _detail::ByFingerprint<std::less>());
 
     // 3. build email index:
     std::vector< std::pair<std::string, Key> > pairs;
     pairs.reserve(sorted.size());
     Q_FOREACH (const Key &key, sorted) {
         const std::vector<std::string> emails = ::emails(key);
         for (const std::string &e : emails) {
             pairs.push_back(std::make_pair(e, key));
         }
     }
     std::sort(pairs.begin(), pairs.end(), ByEMail<std::less>());
 
     // 3a. insert into email index:
     std::vector< std::pair<std::string, Key> > by_email;
     by_email.reserve(pairs.size() + d->by.email.size());
     std::merge(pairs.begin(), pairs.end(),
                d->by.email.begin(), d->by.email.end(),
                std::back_inserter(by_email),
                ByEMail<std::less>());
 
     // 3.5: stable-sort by chain-id (effectively lexicographically<ByChainID,ByFingerprint>)
     std::stable_sort(sorted.begin(), sorted.end(), _detail::ByChainID<std::less>());
 
     // 3.5a: insert into chain-id index:
     std::vector<Key> nonroot;
     nonroot.reserve(sorted.size());
     std::vector<Key> by_chainid;
     by_chainid.reserve(sorted.size() + d->by.chainid.size());
     std::copy_if(sorted.cbegin(), sorted.cend(),
                  std::back_inserter(nonroot),
                  [](const Key &key) { return !key.isRoot(); });
     std::merge(nonroot.cbegin(), nonroot.cend(),
                d->by.chainid.cbegin(), d->by.chainid.cend(),
                std::back_inserter(by_chainid),
                lexicographically<_detail::ByChainID, _detail::ByFingerprint>());
 
     // 4. sort by key id:
     std::sort(sorted.begin(), sorted.end(), _detail::ByKeyID<std::less>());
 
     // 4a. insert into keyid index:
     std::vector<Key> by_keyid;
     by_keyid.reserve(sorted.size() + d->by.keyid.size());
     std::merge(sorted.begin(), sorted.end(),
                d->by.keyid.begin(), d->by.keyid.end(),
                std::back_inserter(by_keyid),
                _detail::ByKeyID<std::less>());
 
     // 5. sort by short key id:
     std::sort(sorted.begin(), sorted.end(), _detail::ByShortKeyID<std::less>());
 
     // 5a. insert into short keyid index:
     std::vector<Key> by_shortkeyid;
     by_shortkeyid.reserve(sorted.size() + d->by.shortkeyid.size());
     std::merge(sorted.begin(), sorted.end(),
                d->by.shortkeyid.begin(), d->by.shortkeyid.end(),
                std::back_inserter(by_shortkeyid),
                _detail::ByShortKeyID<std::less>());
 
     // 6. build subkey ID index:
     std::vector<Subkey> subkeys;
     subkeys.reserve(sorted.size());
     Q_FOREACH (const Key &key, sorted)
         Q_FOREACH (const Subkey &subkey, key.subkeys()) {
             subkeys.push_back(subkey);
         }
 
     // 6a sort by key id:
     std::sort(subkeys.begin(), subkeys.end(), _detail::ByKeyID<std::less>());
 
     // 6b. insert into subkey ID index:
     std::vector<Subkey> by_subkeyid;
     by_email.reserve(subkeys.size() + d->by.subkeyid.size());
     std::merge(subkeys.begin(), subkeys.end(),
                d->by.subkeyid.begin(), d->by.subkeyid.end(),
                std::back_inserter(by_subkeyid),
                _detail::ByKeyID<std::less>());
 
     // now commit (well, we already removed keys...)
     by_fpr.swap(d->by.fpr);
     by_keyid.swap(d->by.keyid);
     by_shortkeyid.swap(d->by.shortkeyid);
     by_email.swap(d->by.email);
     by_subkeyid.swap(d->by.subkeyid);
     by_chainid.swap(d->by.chainid);
 
     for (const Key &key : qAsConst(sorted)) {
         d->m_pgpOnly &= key.protocol() == GpgME::OpenPGP;
         Q_EMIT added(key);
     }
 
     Q_EMIT keysMayHaveChanged();
 }
 
 void KeyCache::clear()
 {
     d->by = Private::By();
 }
 
 //
 //
 // RefreshKeysJob
 //
 //
 
 class KeyCache::RefreshKeysJob::Private
 {
     RefreshKeysJob *const q;
 public:
     Private(KeyCache *cache, RefreshKeysJob *qq);
     void doStart();
     Error startKeyListing(GpgME::Protocol protocol);
     void listAllKeysJobDone(const KeyListResult &res, const std::vector<Key> &nextKeys)
     {
         std::vector<Key> keys;
         keys.reserve(m_keys.size() + nextKeys.size());
         if (m_keys.empty()) {
             keys = nextKeys;
         } else
             std::merge(m_keys.begin(), m_keys.end(),
                        nextKeys.begin(), nextKeys.end(),
                        std::back_inserter(keys),
                        _detail::ByFingerprint<std::less>());
         m_keys.swap(keys);
         jobDone(res);
     }
     void emitDone(const KeyListResult &result);
     void updateKeyCache();
 
     QPointer<KeyCache> m_cache;
     QVector<QGpgME::ListAllKeysJob*> m_jobsPending;
     std::vector<Key> m_keys;
     KeyListResult m_mergedResult;
     bool m_canceled;
 
 private:
     void jobDone(const KeyListResult &res);
 };
 
 KeyCache::RefreshKeysJob::Private::Private(KeyCache *cache, RefreshKeysJob *qq)
     : q(qq)
     , m_cache(cache)
     , m_canceled(false)
 {
     Q_ASSERT(m_cache);
 }
 
 void KeyCache::RefreshKeysJob::Private::jobDone(const KeyListResult &result)
 {
     if (m_canceled) {
         q->deleteLater();
         return;
     }
 
     QObject *const sender = q->sender();
     if (sender) {
         sender->disconnect(q);
     }
     Q_ASSERT(m_jobsPending.size() > 0);
     m_jobsPending.removeOne(qobject_cast<QGpgME::ListAllKeysJob*>(sender));
     m_mergedResult.mergeWith(result);
     if (m_jobsPending.size() > 0) {
         return;
     }
     updateKeyCache();
     emitDone(m_mergedResult);
 }
 
 void KeyCache::RefreshKeysJob::Private::emitDone(const KeyListResult &res)
 {
     q->deleteLater();
     Q_EMIT q->done(res);
 }
 
 KeyCache::RefreshKeysJob::RefreshKeysJob(KeyCache *cache, QObject *parent) : QObject(parent), d(new Private(cache, this))
 {
 }
 
 KeyCache::RefreshKeysJob::~RefreshKeysJob() {}
 
 void KeyCache::RefreshKeysJob::start()
 {
     QTimer::singleShot(0, this, [this](){ d->doStart(); });
 }
 
 void KeyCache::RefreshKeysJob::cancel()
 {
     d->m_canceled = true;
     std::for_each(d->m_jobsPending.begin(), d->m_jobsPending.end(),
                   std::mem_fn(&QGpgME::ListAllKeysJob::slotCancel));
     Q_EMIT canceled();
 }
 
 void KeyCache::RefreshKeysJob::Private::doStart()
 {
     if (m_canceled) {
         q->deleteLater();
         return;
     }
 
     Q_ASSERT(m_jobsPending.size() == 0);
     m_mergedResult.mergeWith(KeyListResult(startKeyListing(GpgME::OpenPGP)));
     m_mergedResult.mergeWith(KeyListResult(startKeyListing(GpgME::CMS)));
 
     if (m_jobsPending.size() != 0) {
         return;
     }
 
     const bool hasError = m_mergedResult.error() || m_mergedResult.error().isCanceled();
     emitDone(hasError ? m_mergedResult : KeyListResult(Error(GPG_ERR_UNSUPPORTED_OPERATION)));
 }
 
 void KeyCache::RefreshKeysJob::Private::updateKeyCache()
 {
     if (!m_cache || m_canceled) {
         q->deleteLater();
         return;
     }
 
     std::vector<Key> cachedKeys = m_cache->initialized() ? m_cache->keys() : std::vector<Key>();
     std::sort(cachedKeys.begin(), cachedKeys.end(), _detail::ByFingerprint<std::less>());
     std::vector<Key> keysToRemove;
     std::set_difference(cachedKeys.begin(), cachedKeys.end(),
                         m_keys.begin(), m_keys.end(),
                         std::back_inserter(keysToRemove),
                         _detail::ByFingerprint<std::less>());
     m_cache->remove(keysToRemove);
     m_cache->refresh(m_keys);
 }
 
 Error KeyCache::RefreshKeysJob::Private::startKeyListing(GpgME::Protocol proto)
 {
     const auto * const protocol = (proto == GpgME::OpenPGP) ? QGpgME::openpgp() : QGpgME::smime();
     if (!protocol) {
         return Error();
     }
     QGpgME::ListAllKeysJob *const job = protocol->listAllKeysJob(/*includeSigs*/false, /*validate*/true);
     if (!job) {
         return Error();
     }
 
 #if 0
     aheinecke: 2017.01.12:
 
     For unknown reasons the new style connect fails at runtime
     over library borders into QGpgME from the GpgME repo
     when cross compiled for Windows and default arguments
     are used in the Signal.
 
     This was tested with gcc 4.9 (Mingw 3.0.2) and we could not
     find an explanation for this. So until this is fixed or we understand
     the problem we need to use the old style connect for QGpgME signals.
 
     The new style connect of the canceled signal right below
     works fine.
 
     connect(job, &QGpgME::ListAllKeysJob::result,
             q, [this](const GpgME::KeyListResult &res, const std::vector<GpgME::Key> &keys) {
                 listAllKeysJobDone(res, keys);
             });
 #endif
     connect(job, SIGNAL(result(GpgME::KeyListResult,std::vector<GpgME::Key>)),
             q, SLOT(listAllKeysJobDone(GpgME::KeyListResult,std::vector<GpgME::Key>)));
 
     connect(q, &RefreshKeysJob::canceled, job, &QGpgME::Job::slotCancel);
 
     const Error error = job->start(true);
 
     if (!error && !error.isCanceled()) {
         m_jobsPending.push_back(job);
     }
     return error;
 }
 
 bool KeyCache::initialized() const
 {
     return d->m_initalized;
 }
 
 void KeyCache::Private::ensureCachePopulated() const
 {
     if (!m_initalized) {
         q->startKeyListing();
         QEventLoop loop;
         loop.connect(q, &KeyCache::keyListingDone,
                      &loop, &QEventLoop::quit);
         qCDebug(LIBKLEO_LOG) << "Waiting for keycache.";
         loop.exec();
         qCDebug(LIBKLEO_LOG) << "Keycache available.";
     }
 }
 
 bool KeyCache::pgpOnly() const
 {
     return d->m_pgpOnly;
 }
 
-static bool keyIsOk(const Key k)
+static bool keyIsOk(const Key &k)
 {
     return !k.isExpired() && !k.isRevoked() && !k.isInvalid() && !k.isDisabled();
 }
 
-static bool uidIsOk(const UserID uid)
+static bool uidIsOk(const UserID &uid)
 {
     return keyIsOk(uid.parent()) && !uid.isRevoked() && !uid.isInvalid();
 }
 
-static bool subkeyIsOk(const Subkey s)
+static bool subkeyIsOk(const Subkey &s)
 {
     return !s.isRevoked() && !s.isInvalid() && !s.isDisabled();
 }
 
 std::vector<GpgME::Key> KeyCache::findBestByMailBox(const char *addr, GpgME::Protocol proto,
                                                     bool needSign, bool needEncrypt) const
 {
     d->ensureCachePopulated();
     std::vector<GpgME::Key> ret;
     if (!addr) {
         return ret;
     }
     if (proto == Protocol::OpenPGP) {
         // Groups take precedence over automatic keys. We return all here
         // so if a group key for example is expired we can show that.
         ret = getGroupKeys(QString::fromUtf8(addr));
         if (!ret.empty()) {
             return ret;
         }
     }
     Key keyC;
     UserID uidC;
     for (const Key &k: findByEMailAddress(addr)) {
         if (proto != Protocol::UnknownProtocol && k.protocol() != proto) {
             continue;
         }
         if (needEncrypt && !k.canEncrypt()) {
             continue;
         }
         if (needSign && (!k.canSign() || !k.hasSecret())) {
             continue;
         }
         /* First get the uid that matches the mailbox */
         for (const UserID &u: k.userIDs()) {
             if (QString::fromStdString(u.addrSpec()).toLower() != QString::fromUtf8(addr).toLower()) {
                 continue;
             }
             if (uidC.isNull()) {
                 keyC = k;
                 uidC = u;
             } else if ((!uidIsOk(uidC) && uidIsOk(u)) || uidC.validity() < u.validity()) {
                 /* Validity of the new key is better. */
                 uidC = u;
                 keyC = k;
             } else if (uidC.validity() == u.validity() && uidIsOk(u)) {
                 /* Both are the same check which one is newer. */
                 time_t oldTime = 0;
                 for (const Subkey &s: keyC.subkeys()) {
                     if (!subkeyIsOk(s)) {
                         continue;
                     }
                     if (needSign && s.canSign()) {
                         oldTime = s.creationTime();
                     } else if (needEncrypt && s.canEncrypt()) {
                         oldTime = s.creationTime();
                     } else if (s.canSign() || s.canEncrypt()) {
                         oldTime = s.creationTime();
                     }
                 }
                 time_t newTime = 0;
                 for (const Subkey &s: k.subkeys()) {
                     if (!subkeyIsOk(s)) {
                         continue;
                     }
                     if (needSign && s.canSign()) {
                         newTime = s.creationTime();
                     } else if (needEncrypt && s.canEncrypt()) {
                         newTime = s.creationTime();
                     } else if (s.canSign() || s.canEncrypt()) {
                         newTime = s.creationTime();
                     }
                 }
                 if (newTime > oldTime) {
                     uidC = u;
                     keyC = k;
                 }
             }
         }
     }
     ret.push_back(keyC);
     return ret;
 }
 
 std::vector<GpgME::Key> KeyCache::getGroupKeys(const QString &groupName) const
 {
     return d->m_groups.value(groupName);
 }
 
 #include "moc_keycache_p.cpp"
 #include "moc_keycache.cpp"
 
diff --git a/src/tests/test_keyresolver.cpp b/src/tests/test_keyresolver.cpp
index cc18c24..f7a7a14 100644
--- a/src/tests/test_keyresolver.cpp
+++ b/src/tests/test_keyresolver.cpp
@@ -1,190 +1,190 @@
 /*
     test_keyresolver.cpp
 
     This file is part of libkleopatra's test suite.
     Copyright (c) 2018 Intevation GmbH
 
     Libkleopatra is free software; you can redistribute it and/or
     modify it under the terms of the GNU General Public License,
     version 2, as published by the Free Software Foundation.
 
     Libkleopatra is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     General Public License for more details.
 
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
     In addition, as a special exception, the copyright holders give
     permission to link the code of this program with any edition of
     the Qt library by Trolltech AS, Norway (or with modified versions
     of Qt that use the same license as Qt), and distribute linked
     combinations including the two.  You must obey the GNU General
     Public License in all respects for all of the code used other than
     Qt.  If you modify this file, you may extend this exception to
     your version of the file, but you are not obligated to do so.  If
     you do not wish to do so, delete this exception statement from
     your version.
 */
 
 
 #include "kleo/keyresolver.h"
 
 #include <QCommandLineParser>
 #include <QApplication>
 #include <QDebug>
 #include <QTimer>
 
 using namespace Kleo;
 
 void dumpKeys(const QMap <CryptoMessageFormat, QMap<QString, std::vector<GpgME::Key> > > &fmtMap)
 {
     for (const CryptoMessageFormat fmt: fmtMap.keys()) {
         qDebug () << "Format:" << cryptoMessageFormatToLabel(fmt) << fmt;
-        for (const auto mbox: fmtMap[fmt].keys()) {
+        for (const auto &mbox: fmtMap[fmt].keys()) {
             qDebug() << "Address:" << mbox;
             qDebug() << "Keys:";
-            for (const auto key: fmtMap[fmt][mbox]) {
+            for (const auto &key: fmtMap[fmt][mbox]) {
                 qDebug () << key.primaryFingerprint();
             }
         }
     }
 }
 
 void dumpSigKeys(const QMap <CryptoMessageFormat, std::vector<GpgME::Key> > &fmtMap)
 {
     for (const CryptoMessageFormat fmt: fmtMap.keys()) {
         qDebug () << "Format:" << cryptoMessageFormatToLabel(fmt) << fmt;
         qDebug() << "Keys:";
-        for (const auto key: fmtMap[fmt]) {
+        for (const auto &key: fmtMap[fmt]) {
             qDebug () << key.primaryFingerprint();
         }
     }
 }
 
 class SignalRecipient: public QObject
 {
     Q_OBJECT
 public:
     SignalRecipient(KeyResolver *res) : resolver(res) {}
 
     void keysResolved(bool success, bool sendUnencrypted)
     {
         if (!success) {
             qDebug() << "Canceled";
             exit(1);
         }
         qDebug() << "Resolved Signing keys:";
         dumpSigKeys (resolver->signingKeys());
         qDebug() << "Resolved Encryption keys:";
         dumpKeys (resolver->encryptionKeys());
         qDebug() << "Resolved Hidden keys:";
         dumpKeys (resolver->hiddenKeys());
         qDebug() << "Send Unencrypted:" << sendUnencrypted;
         exit(0);
     }
 private:
     KeyResolver *resolver;
 };
 
 int main(int argc, char **argv)
 {
     QApplication app(argc, argv);
     QCommandLineParser parser;
     parser.setApplicationDescription(QStringLiteral("Test KeyResolver class"));
     parser.addHelpOption();
     parser.addPositionalArgument(QStringLiteral("recipients"),
                                   QStringLiteral("Recipients to resolve"),
                                   QStringLiteral("[mailboxes]"));
     parser.addOption(QCommandLineOption(QStringList() << QStringLiteral("overrides")
                                         << QStringLiteral("o"),
                                         QStringLiteral("Override where format can be:\n"
                                                        "InlineOpenPGP\n"
                                                        "OpenPGPMIME\n"
                                                        "SMIME\n"
                                                        "SMIMEOpaque\n"
                                                        "AnyOpenPGP\n"
                                                        "AnySMIME\n"
                                                        "Auto"),
                                         QStringLiteral("mailbox:fpr,fpr,..:format")));
     parser.addOption(QCommandLineOption(QStringList() << QStringLiteral("sender")
                                         << QStringLiteral("s"),
                                         QStringLiteral("Mailbox of the sender"),
                                         QStringLiteral("mailbox")));
     parser.addOption(QCommandLineOption(QStringList() << QStringLiteral("hidden")
                                         << QStringLiteral("h"),
                                         QStringLiteral("hidden recipients"),
                                         QStringLiteral("A hidden / bcc recipient")));
     parser.addOption(QCommandLineOption(QStringList() << QStringLiteral("sigkeys")
                                         << QStringLiteral("k"),
                                         QStringLiteral("signing key"),
                                         QStringLiteral("Explicit signing keys")));
     parser.addOption(QCommandLineOption(QStringList() << QStringLiteral("encrypt")
                                         << QStringLiteral("e"),
                                         QStringLiteral("Only select encryption keys")));
     parser.addOption(QCommandLineOption(QStringList() << QStringLiteral("approval")
                                         << QStringLiteral("a"),
                                         QStringLiteral("Always show approval dlg")));
 
     parser.process(app);
 
     const QStringList recps = parser.positionalArguments();
     if (recps.size() < 1) {
         parser.showHelp(1);
     }
 
     KeyResolver resolver(true, !parser.isSet(QStringLiteral("encrypt")));
     resolver.setRecipients(recps);
     resolver.setSender(parser.value(QStringLiteral("sender")));
 
     QMap <CryptoMessageFormat, QMap <QString, QStringList> > overrides;
 
     for (const QString &oride: parser.values(QStringLiteral("overrides"))) {
         const QStringList split = oride.split(QLatin1Char(':'));
         CryptoMessageFormat fmt = AutoFormat;
         if (split.size() < 2 || split.size() > 3) {
             parser.showHelp(1);
         }
 
         if (split.size() == 3) {
             const QString fmtStr = split[2].toLower();
             if (fmtStr == QLatin1String("inlineopenpgp")) {
                 fmt = InlineOpenPGPFormat;
             } else if (fmtStr == QLatin1String("openpgpmime")) {
                 fmt = OpenPGPMIMEFormat;
             } else if (fmtStr == QLatin1String("smime")) {
                 fmt = SMIMEFormat;
             } else if (fmtStr == QLatin1String("smimeopaque")) {
                 fmt = SMIMEOpaqueFormat;
             } else if (fmtStr == QLatin1String("anyopenpgp")) {
                 fmt = AnyOpenPGP;
             } else if (fmtStr == QLatin1String("anysmime")) {
                 fmt = AnySMIME;
             } else if (fmtStr == QLatin1String("auto")) {
                 fmt = AutoFormat;
             } else {
                 parser.showHelp(1);
             }
         }
         const QStringList fingerprints = split[1].split(QLatin1Char(','));
 
         auto map = overrides.value(fmt);
         map.insert(split[0], fingerprints);
         overrides.insert(fmt, map);
     }
     resolver.setOverrideKeys(overrides);
 
     SignalRecipient * recp = new SignalRecipient(&resolver);
     QObject::connect (&resolver, &KeyResolver::keysResolved, recp, &SignalRecipient::keysResolved);
 
     QTimer::singleShot(1000, [&parser, &resolver]() {
         resolver.start(parser.isSet(QStringLiteral("approval")));
     });
 
     app.exec();
     return 0;
 }
 
 #include "test_keyresolver.moc"
diff --git a/src/utils/formatting.cpp b/src/utils/formatting.cpp
index d1cf263..f5093ad 100644
--- a/src/utils/formatting.cpp
+++ b/src/utils/formatting.cpp
@@ -1,1042 +1,1042 @@
 /* -*- mode: c++; c-basic-offset: 4; indent-tabs-mode: nil; -*-
 
     utils/formatting.cpp
 
     This file is part of Kleopatra, the KDE keymanager
     Copyright (c) 2007 Klarälvdalens Datakonsult AB
 
     Kleopatra is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
     the Free Software Foundation; either version 2 of the License, or
     (at your option) any later version.
 
     Kleopatra is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     General Public License for more details.
 
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
     In addition, as a special exception, the copyright holders give
     permission to link the code of this program with any edition of
     the Qt library by Trolltech AS, Norway (or with modified versions
     of Qt that use the same license as Qt), and distribute linked
     combinations including the two.  You must obey the GNU General
     Public License in all respects for all of the code used other than
     Qt.  If you modify this file, you may extend this exception to
     your version of the file, but you are not obligated to do so.  If
     you do not wish to do so, delete this exception statement from
     your version.
 */
 
 #include "formatting.h"
 #include "kleo/dn.h"
 
 #include <gpgme++/key.h>
 #include <gpgme++/importresult.h>
 
 #include <QGpgME/CryptoConfig>
 #include <QGpgME/Protocol>
 
 #include <KLocalizedString>
 #include <KEmailAddress>
 
 #include <QString>
 #include <QStringList>
 #include <QDateTime>
 #include <QTextDocument> // for Qt::escape
 #include <QLocale>
 #include <QIcon>
 #include <QColor>
 #include <QRegularExpression>
 
 #include "models/keycache.h"
 
 #include <gpgme++/gpgmepp_version.h>
 #if GPGMEPP_VERSION > 0x10900
 # define GPGME_HAS_KEY_IS_DEVS
 #endif
 
 
 using namespace GpgME;
 using namespace Kleo;
 
 //
 // Name
 //
 
 QString Formatting::prettyName(int proto, const char *id, const char *name_, const char *comment_)
 {
 
     if (proto == OpenPGP) {
         const QString name = QString::fromUtf8(name_);
         if (name.isEmpty()) {
             return QString();
         }
         const QString comment = QString::fromUtf8(comment_);
         if (comment.isEmpty()) {
             return name;
         }
         return QStringLiteral("%1 (%2)").arg(name, comment);
     }
 
     if (proto == CMS) {
         const DN subject(id);
         const QString cn = subject[QStringLiteral("CN")].trimmed();
         if (cn.isEmpty()) {
             return subject.prettyDN();
         }
         return cn;
     }
 
     return QString();
 }
 
 QString Formatting::prettyNameAndEMail(int proto, const char *id, const char *name_, const char *email_, const char *comment_)
 {
     return prettyNameAndEMail(proto, QString::fromUtf8(id), QString::fromUtf8(name_), prettyEMail(email_, id), QString::fromUtf8(comment_));
 }
 
 QString Formatting::prettyNameAndEMail(int proto, const QString &id, const QString &name, const QString &email, const QString &comment)
 {
 
     if (proto == OpenPGP) {
         if (name.isEmpty()) {
             if (email.isEmpty()) {
                 return QString();
             } else if (comment.isEmpty()) {
                 return QStringLiteral("<%1>").arg(email);
             } else {
                 return QStringLiteral("(%2) <%1>").arg(email, comment);
             }
         }
         if (email.isEmpty()) {
             if (comment.isEmpty()) {
                 return name;
             } else {
                 return QStringLiteral("%1 (%2)").arg(name, comment);
             }
         }
         if (comment.isEmpty()) {
             return QStringLiteral("%1 <%2>").arg(name, email);
         } else {
             return QStringLiteral("%1 (%3) <%2>").arg(name, email, comment);
         }
     }
 
     if (proto == CMS) {
         const DN subject(id);
         const QString cn = subject[QStringLiteral("CN")].trimmed();
         if (cn.isEmpty()) {
             return subject.prettyDN();
         }
         return cn;
     }
     return QString();
 }
 
 QString Formatting::prettyUserID(const UserID &uid)
 {
     if (uid.parent().protocol() == OpenPGP) {
         return prettyNameAndEMail(uid);
     }
     const QByteArray id = QByteArray(uid.id()).trimmed();
     if (id.startsWith('<')) {
         return prettyEMail(uid.email(), uid.id());
     }
     if (id.startsWith('('))
         // ### parse uri/dns:
     {
         return QString::fromUtf8(uid.id());
     } else {
         return DN(uid.id()).prettyDN();
     }
 }
 
 QString Formatting::prettyKeyID(const char *id)
 {
     if (!id) {
         return QString();
     }
     return QLatin1String("0x") + QString::fromLatin1(id).toUpper();
 }
 
 QString Formatting::prettyNameAndEMail(const UserID &uid)
 {
     return prettyNameAndEMail(uid.parent().protocol(), uid.id(), uid.name(), uid.email(), uid.comment());
 }
 
 QString Formatting::prettyNameAndEMail(const Key &key)
 {
     return prettyNameAndEMail(key.userID(0));
 }
 
 QString Formatting::prettyName(const Key &key)
 {
     return prettyName(key.userID(0));
 }
 
 QString Formatting::prettyName(const UserID &uid)
 {
     return prettyName(uid.parent().protocol(), uid.id(), uid.name(), uid.comment());
 }
 
 QString Formatting::prettyName(const UserID::Signature &sig)
 {
     return prettyName(OpenPGP, sig.signerUserID(), sig.signerName(), sig.signerComment());
 }
 
 //
 // EMail
 //
 
 QString Formatting::prettyEMail(const Key &key)
 {
     for (unsigned int i = 0, end = key.numUserIDs(); i < end; ++i) {
         const QString email = prettyEMail(key.userID(i));
         if (!email.isEmpty()) {
             return email;
         }
     }
     return QString();
 }
 
 QString Formatting::prettyEMail(const UserID &uid)
 {
     return prettyEMail(uid.email(), uid.id());
 }
 
 QString Formatting::prettyEMail(const UserID::Signature &sig)
 {
     return prettyEMail(sig.signerEmail(), sig.signerUserID());
 }
 
 QString Formatting::prettyEMail(const char *email_, const char *id)
 {
     QString email, name, comment;
     if (email_ && KEmailAddress::splitAddress(QString::fromUtf8(email_),
                                               name, email, comment) == KEmailAddress::AddressOk) {
         return email;
     } else {
         return DN(id)[QStringLiteral("EMAIL")].trimmed();
     }
 }
 
 //
 // Tooltip
 //
 
 namespace
 {
 
 static QString protect_whitespace(QString s)
 {
     static const QLatin1Char SP(' '), NBSP('\xA0');
     return s.replace(SP, NBSP);
 }
 
 template <typename T_arg>
 QString format_row(const QString &field, const T_arg &arg)
 {
     return QStringLiteral("<tr><th>%1:</th><td>%2</td></tr>").arg(protect_whitespace(field), arg);
 }
 QString format_row(const QString &field, const QString &arg)
 {
     return QStringLiteral("<tr><th>%1:</th><td>%2</td></tr>").arg(protect_whitespace(field), arg.toHtmlEscaped());
 }
 QString format_row(const QString &field, const char *arg)
 {
     return format_row(field, QString::fromUtf8(arg));
 }
 
 QString format_keytype(const Key &key)
 {
     const Subkey subkey = key.subkey(0);
     if (key.hasSecret()) {
         return i18n("%1-bit %2 (secret key available)", subkey.length(), QLatin1String(subkey.publicKeyAlgorithmAsString()));
     } else {
         return i18n("%1-bit %2", subkey.length(), QLatin1String(subkey.publicKeyAlgorithmAsString()));
     }
 }
 
 QString format_subkeytype(const Subkey &subkey)
 {
     const auto algo = subkey.publicKeyAlgorithm();
 
     if (algo == Subkey::AlgoECC ||
         algo == Subkey::AlgoECDSA ||
         algo == Subkey::AlgoECDH ||
         algo == Subkey::AlgoEDDSA) {
         return QString::fromStdString(subkey.algoName());
     }
     return i18n("%1-bit %2", subkey.length(), QLatin1String(subkey.publicKeyAlgorithmAsString()));
 }
 
 QString format_keyusage(const Key &key)
 {
     QStringList capabilities;
     if (key.canReallySign()) {
         if (key.isQualified()) {
             capabilities.push_back(i18n("Signing (Qualified)"));
         } else {
             capabilities.push_back(i18n("Signing"));
         }
     }
     if (key.canEncrypt()) {
         capabilities.push_back(i18n("Encryption"));
     }
     if (key.canCertify()) {
         capabilities.push_back(i18n("Certifying User-IDs"));
     }
     if (key.canAuthenticate()) {
         capabilities.push_back(i18n("SSH Authentication"));
     }
     return capabilities.join(QStringLiteral(", "));
 }
 
 QString format_subkeyusage(const Subkey &subkey)
 {
     QStringList capabilities;
     if (subkey.canSign()) {
         if (subkey.isQualified()) {
             capabilities.push_back(i18n("Signing (Qualified)"));
         } else {
             capabilities.push_back(i18n("Signing"));
         }
     }
     if (subkey.canEncrypt()) {
         capabilities.push_back(i18n("Encryption"));
     }
     if (subkey.canCertify()) {
         capabilities.push_back(i18n("Certifying User-IDs"));
     }
     if (subkey.canAuthenticate()) {
         capabilities.push_back(i18n("SSH Authentication"));
     }
     return capabilities.join(QStringLiteral(", "));
 }
 
 static QString time_t2string(time_t t)
 {
     QDateTime dt;
     dt.setTime_t(t);
     return QLocale().toString(dt, QLocale::ShortFormat);
 }
 
 static QString make_red(const QString &txt)
 {
     return QLatin1String("<font color=\"red\">") + txt.toHtmlEscaped() + QLatin1String("</font>");
 }
 
 }
 
 QString Formatting::toolTip(const Key &key, int flags)
 {
     if (flags == 0 || (key.protocol() != CMS && key.protocol() != OpenPGP)) {
         return QString();
     }
 
     const Subkey subkey = key.subkey(0);
 
     QString result;
     if (flags & Validity) {
         if (key.protocol() == OpenPGP || (key.keyListMode() & Validate))
             if (key.isRevoked()) {
                 result = make_red(i18n("Revoked"));
             } else if (key.isExpired()) {
                 result = make_red(i18n("Expired"));
             } else if (key.isDisabled()) {
                 result = i18n("Disabled");
             } else {
                 unsigned int fullyTrusted = 0;
                 for (const auto &uid: key.userIDs()) {
                     if (uid.validity() >= UserID::Validity::Full) {
                         fullyTrusted++;
                     }
                 }
                 if (fullyTrusted == key.numUserIDs()) {
                     result = i18n("All User-IDs are certified.");
                     const auto compliance = complianceStringForKey(key);
                     if (!compliance.isEmpty()) {
                         result += QStringLiteral("<br>") + compliance;
                     }
                 } else {
                     result = i18np("One User-ID is not certified.", "%1 User-IDs are not certified.", key.numUserIDs() - fullyTrusted);
                 }
             }
         else {
             result = i18n("The validity cannot be checked at the moment.");
         }
     }
     if (flags == Validity) {
         return result;
     }
 
     result += QLatin1String("<table border=\"0\">");
     if (key.protocol() == CMS) {
         if (flags & SerialNumber) {
             result += format_row(i18n("Serial number"), key.issuerSerial());
         }
         if (flags & Issuer) {
             result += format_row(i18n("Issuer"), key.issuerName());
         }
     }
     if (flags & UserIDs) {
         const std::vector<UserID> uids = key.userIDs();
         if (!uids.empty())
             result += format_row(key.protocol() == CMS
                                  ? i18n("Subject")
                                  : i18n("User-ID"), prettyUserID(uids.front()));
         if (uids.size() > 1)
             for (std::vector<UserID>::const_iterator it = uids.begin() + 1, end = uids.end(); it != end; ++it)
                 if (!it->isRevoked() && !it->isInvalid()) {
                     result += format_row(i18n("a.k.a."), prettyUserID(*it));
                 }
     }
     if (flags & ExpiryDates) {
         result += format_row(i18n("Created"), time_t2string(subkey.creationTime()));
 
         if (key.isExpired()) {
             result += format_row(i18n("Expired"), time_t2string(subkey.expirationTime()));
         } else if (!subkey.neverExpires()) {
             result += format_row(i18n("Expires"), time_t2string(subkey.expirationTime()));
         }
     }
     if (flags & CertificateType) {
         result += format_row(i18n("Type"), format_keytype(key));
     }
     if (flags & CertificateUsage) {
         result += format_row(i18n("Usage"), format_keyusage(key));
     }
     if (flags & KeyID) {
         result += format_row(i18n("Key-ID"), QString::fromLatin1(key.shortKeyID()));
     }
     if (flags & Fingerprint) {
         result += format_row(i18n("Fingerprint"), key.primaryFingerprint());
     }
     if (flags & OwnerTrust) {
         if (key.protocol() == OpenPGP) {
             result += format_row(i18n("Certification trust"), ownerTrustShort(key));
         } else if (key.isRoot()) {
             result += format_row(i18n("Trusted issuer?"),
                                  key.userID(0).validity() == UserID::Ultimate ? i18n("Yes") :
                                  /* else */                                     i18n("No"));
         }
     }
 
     if (flags & StorageLocation) {
         if (const char *card = subkey.cardSerialNumber()) {
             result += format_row(i18n("Stored"), i18nc("stored...", "on SmartCard with serial no. %1", QString::fromUtf8(card)));
         } else {
             result += format_row(i18n("Stored"), i18nc("stored...", "on this computer"));
         }
     }
     if (flags & Subkeys) {
         for (const auto &sub: key.subkeys()) {
             result += QLatin1String("<hr/>");
             result += format_row(i18n("Subkey"), sub.fingerprint());
             if (sub.isRevoked()) {
                 result += format_row(i18n("Status"), i18n("Revoked"));
             } else if (sub.isExpired()) {
                 result += format_row(i18n("Status"), i18n("Expired"));
             }
             if (flags & ExpiryDates) {
                 result += format_row(i18n("Created"), time_t2string(sub.creationTime()));
 
                 if (key.isExpired()) {
                     result += format_row(i18n("Expired"), time_t2string(sub.expirationTime()));
                 } else if (!subkey.neverExpires()) {
                     result += format_row(i18n("Expires"), time_t2string(sub.expirationTime()));
                 }
             }
 
             if (flags & CertificateType) {
                 result += format_row(i18n("Type"), format_subkeytype(sub));
             }
             if (flags & CertificateUsage) {
                 result += format_row(i18n("Usage"), format_subkeyusage(sub));
             }
             if (flags & StorageLocation) {
                 if (const char *card = sub.cardSerialNumber()) {
                     result += format_row(i18n("Stored"), i18nc("stored...", "on SmartCard with serial no. %1", QString::fromUtf8(card)));
                 } else {
                     result += format_row(i18n("Stored"), i18nc("stored...", "on this computer"));
                 }
             }
         }
     }
     result += QLatin1String("</table>");
 
     return result;
 }
 
 //
 // Creation and Expiration
 //
 
 namespace
 {
 static QDate time_t2date(time_t t)
 {
     if (!t) {
         return QDate();
     }
     QDateTime dt;
     dt.setTime_t(t);
     return dt.date();
 }
 static QString date2string(const QDate &date)
 {
     return QLocale().toString(date, QLocale::ShortFormat);
 }
 
 template <typename T>
 QString expiration_date_string(const T &tee)
 {
     return tee.neverExpires() ? QString() : date2string(time_t2date(tee.expirationTime()));
 }
 template <typename T>
 QDate creation_date(const T &tee)
 {
     return time_t2date(tee.creationTime());
 }
 template <typename T>
 QDate expiration_date(const T &tee)
 {
     return time_t2date(tee.expirationTime());
 }
 }
 
 QString Formatting::expirationDateString(const Key &key)
 {
     return expiration_date_string(key.subkey(0));
 }
 
 QString Formatting::expirationDateString(const Subkey &subkey)
 {
     return expiration_date_string(subkey);
 }
 
 QString Formatting::expirationDateString(const UserID::Signature &sig)
 {
     return expiration_date_string(sig);
 }
 
 QDate Formatting::expirationDate(const Key &key)
 {
     return expiration_date(key.subkey(0));
 }
 
 QDate Formatting::expirationDate(const Subkey &subkey)
 {
     return expiration_date(subkey);
 }
 
 QDate Formatting::expirationDate(const UserID::Signature &sig)
 {
     return expiration_date(sig);
 }
 
 QString Formatting::creationDateString(const Key &key)
 {
     return date2string(creation_date(key.subkey(0)));
 }
 
 QString Formatting::creationDateString(const Subkey &subkey)
 {
     return date2string(creation_date(subkey));
 }
 
 QString Formatting::creationDateString(const UserID::Signature &sig)
 {
     return date2string(creation_date(sig));
 }
 
 QDate Formatting::creationDate(const Key &key)
 {
     return creation_date(key.subkey(0));
 }
 
 QDate Formatting::creationDate(const Subkey &subkey)
 {
     return creation_date(subkey);
 }
 
 QDate Formatting::creationDate(const UserID::Signature &sig)
 {
     return creation_date(sig);
 }
 
 //
 // Types
 //
 
 QString Formatting::displayName(Protocol p)
 {
     if (p == CMS) {
         return i18nc("X.509/CMS encryption standard", "X.509");
     }
     if (p == OpenPGP) {
         return i18n("OpenPGP");
     }
     return i18nc("Unknown encryption protocol", "Unknown");
 }
 
 QString Formatting::type(const Key &key)
 {
     return displayName(key.protocol());
 }
 
 QString Formatting::type(const Subkey &subkey)
 {
     return QString::fromUtf8(subkey.publicKeyAlgorithmAsString());
 }
 
 //
 // Status / Validity
 //
 
 QString Formatting::ownerTrustShort(const Key &key)
 {
     return ownerTrustShort(key.ownerTrust());
 }
 
 QString Formatting::ownerTrustShort(Key::OwnerTrust trust)
 {
     switch (trust) {
     case Key::Unknown:   return i18nc("unknown trust level", "unknown");
     case Key::Never:     return i18n("untrusted");
     case Key::Marginal:  return i18nc("marginal trust", "marginal");
     case Key::Full:      return i18nc("full trust", "full");
     case Key::Ultimate:  return i18nc("ultimate trust", "ultimate");
     case Key::Undefined: return i18nc("undefined trust", "undefined");
     default:
         Q_ASSERT(!"unexpected owner trust value");
         break;
     }
     return QString();
 }
 
 QString Formatting::validityShort(const Subkey &subkey)
 {
     if (subkey.isRevoked()) {
         return i18n("revoked");
     }
     if (subkey.isExpired()) {
         return i18n("expired");
     }
     if (subkey.isDisabled()) {
         return i18n("disabled");
     }
     if (subkey.isInvalid()) {
         return i18n("invalid");
     }
     return i18nc("as in good/valid signature", "good");
 }
 
 QString Formatting::validityShort(const UserID &uid)
 {
     if (uid.isRevoked()) {
         return i18n("revoked");
     }
     if (uid.isInvalid()) {
         return i18n("invalid");
     }
     switch (uid.validity()) {
     case UserID::Unknown:   return i18nc("unknown trust level", "unknown");
     case UserID::Undefined: return i18nc("undefined trust", "undefined");
     case UserID::Never:     return i18n("untrusted");
     case UserID::Marginal:  return i18nc("marginal trust", "marginal");
     case UserID::Full:      return i18nc("full trust", "full");
     case UserID::Ultimate:  return i18nc("ultimate trust", "ultimate");
     }
     return QString();
 }
 
 QString Formatting::validityShort(const UserID::Signature &sig)
 {
     switch (sig.status()) {
     case UserID::Signature::NoError:
         if (!sig.isInvalid()) {
             /* See RFC 4880 Section 5.2.1 */
             switch (sig.certClass()) {
             case 0x10: /* Generic */
             case 0x11: /* Persona */
             case 0x12: /* Casual */
             case 0x13: /* Positive */
                 return i18n("valid");
             case 0x30:
                 return i18n("revoked");
             default:
                 return i18n("class %1", sig.certClass());
             }
         }
         Q_FALLTHROUGH();
         // fall through:
     case UserID::Signature::GeneralError:
         return i18n("invalid");
     case UserID::Signature::SigExpired:   return i18n("expired");
     case UserID::Signature::KeyExpired:   return i18n("certificate expired");
     case UserID::Signature::BadSignature: return i18nc("fake/invalid signature", "bad");
     case UserID::Signature::NoPublicKey: {
             /* GnuPG returns the same error for no public key as for expired
              * or revoked certificates. */
             const auto key = KeyCache::instance()->findByKeyIDOrFingerprint (sig.signerKeyID());
             if (key.isNull()) {
                 return i18n("no public key");
             } else if (key.isExpired()) {
                 return i18n("key expired");
             } else if (key.isRevoked()) {
                 return i18n("key revoked");
             } else if (key.isDisabled()) {
                 return i18n("key disabled");
             }
             /* can't happen */
-            return "unknwon";
+            return QStringLiteral("unknwon");
         }
     }
     return QString();
 }
 
 QIcon Formatting::validityIcon(const UserID::Signature &sig)
 {
     switch (sig.status()) {
     case UserID::Signature::NoError:
         if (!sig.isInvalid()) {
             /* See RFC 4880 Section 5.2.1 */
             switch (sig.certClass()) {
             case 0x10: /* Generic */
             case 0x11: /* Persona */
             case 0x12: /* Casual */
             case 0x13: /* Positive */
                 return QIcon::fromTheme(QStringLiteral("emblem-success"));
             case 0x30:
                 return QIcon::fromTheme(QStringLiteral("emblem-error"));
             default:
                 return QIcon();
             }
         }
         Q_FALLTHROUGH();
         // fall through:
     case UserID::Signature::BadSignature:
     case UserID::Signature::GeneralError:
         return QIcon::fromTheme(QStringLiteral("emblem-error"));
     case UserID::Signature::SigExpired:
     case UserID::Signature::KeyExpired:
         return QIcon::fromTheme(QStringLiteral("emblem-information"));
     case UserID::Signature::NoPublicKey:
         return QIcon::fromTheme(QStringLiteral("emblem-question"));
     }
     return QIcon();
 }
 
 QString Formatting::formatKeyLink(const Key &key)
 {
     if (key.isNull()) {
         return QString();
     }
     return QStringLiteral("<a href=\"key:%1\">%2</a>").arg(QLatin1String(key.primaryFingerprint()), Formatting::prettyName(key));
 }
 
 QString Formatting::formatForComboBox(const GpgME::Key &key)
 {
     const QString name = prettyName(key);
     QString mail = prettyEMail(key);
     if (!mail.isEmpty()) {
         mail = QLatin1Char('<') + mail + QLatin1Char('>');
     }
     return i18nc("name, email, key id", "%1 %2 (%3)", name, mail, QLatin1String(key.shortKeyID())).simplified();
 }
 
 namespace
 {
 
 static QString keyToString(const Key &key)
 {
 
     Q_ASSERT(!key.isNull());
 
     const QString email = Formatting::prettyEMail(key);
     const QString name = Formatting::prettyName(key);
 
     if (name.isEmpty()) {
         return email;
     } else if (email.isEmpty()) {
         return name;
     } else {
         return QStringLiteral("%1 <%2>").arg(name, email);
     }
 }
 
 }
 
 const char *Formatting::summaryToString(const Signature::Summary summary)
 {
     if (summary & Signature::Red) {
         return "RED";
     }
     if (summary & Signature::Green) {
         return "GREEN";
     }
     return "YELLOW";
 }
 
 QString Formatting::signatureToString(const Signature &sig, const Key &key)
 {
     if (sig.isNull()) {
         return QString();
     }
 
     const bool red   = (sig.summary() & Signature::Red);
     const bool valid = (sig.summary() & Signature::Valid);
 
     if (red)
         if (key.isNull())
             if (const char *fpr = sig.fingerprint()) {
                 return i18n("Bad signature by unknown certificate %1: %2", QString::fromLatin1(fpr), QString::fromLocal8Bit(sig.status().asString()));
             } else {
                 return i18n("Bad signature by an unknown certificate: %1", QString::fromLocal8Bit(sig.status().asString()));
             }
         else {
             return i18n("Bad signature by %1: %2", keyToString(key), QString::fromLocal8Bit(sig.status().asString()));
         }
 
     else if (valid)
         if (key.isNull())
             if (const char *fpr = sig.fingerprint()) {
                 return i18n("Good signature by unknown certificate %1.", QString::fromLatin1(fpr));
             } else {
                 return i18n("Good signature by an unknown certificate.");
             }
         else {
             return i18n("Good signature by %1.", keyToString(key));
         }
 
     else if (key.isNull())
         if (const char *fpr = sig.fingerprint()) {
             return i18n("Invalid signature by unknown certificate %1: %2", QString::fromLatin1(fpr), QString::fromLocal8Bit(sig.status().asString()));
         } else {
             return i18n("Invalid signature by an unknown certificate: %1", QString::fromLocal8Bit(sig.status().asString()));
         }
     else {
         return i18n("Invalid signature by %1: %2", keyToString(key), QString::fromLocal8Bit(sig.status().asString()));
     }
 }
 
 //
 // ImportResult
 //
 
 QString Formatting::importMetaData(const Import &import, const QStringList &ids)
 {
     const QString result = importMetaData(import);
     if (result.isEmpty()) {
         return QString();
     } else
         return result + QLatin1Char('\n') +
                i18n("This certificate was imported from the following sources:") + QLatin1Char('\n') +
                ids.join(QLatin1Char('\n'));
 }
 
 QString Formatting::importMetaData(const Import &import)
 {
 
     if (import.isNull()) {
         return QString();
     }
 
     if (import.error().isCanceled()) {
         return i18n("The import of this certificate was canceled.");
     }
     if (import.error())
         return i18n("An error occurred importing this certificate: %1",
                     QString::fromLocal8Bit(import.error().asString()));
 
     const unsigned int status = import.status();
     if (status & Import::NewKey)
         return (status & Import::ContainedSecretKey)
                ? i18n("This certificate was new to your keystore. The secret key is available.")
                : i18n("This certificate is new to your keystore.");
 
     QStringList results;
     if (status & Import::NewUserIDs) {
         results.push_back(i18n("New user-ids were added to this certificate by the import."));
     }
     if (status & Import::NewSignatures) {
         results.push_back(i18n("New signatures were added to this certificate by the import."));
     }
     if (status & Import::NewSubkeys) {
         results.push_back(i18n("New subkeys were added to this certificate by the import."));
     }
 
     return results.empty()
            ? i18n("The import contained no new data for this certificate. It is unchanged.")
            : results.join(QLatin1Char('\n'));
 }
 
 //
 // Overview in CertificateDetailsDialog
 //
 
 QString Formatting::formatOverview(const Key &key)
 {
     return toolTip(key, AllOptions);
 }
 
 QString Formatting::usageString(const Subkey &sub)
 {
     QStringList usageStrings;
     if (sub.canCertify()) {
         usageStrings << i18n("Certify");
     }
     if (sub.canSign()) {
         usageStrings << i18n("Sign");
     }
     if (sub.canEncrypt()) {
         usageStrings << i18n("Encrypt");
     }
     if (sub.canAuthenticate()) {
         usageStrings << i18n("Authenticate");
     }
     return usageStrings.join(QStringLiteral(", "));
 }
 
 QString Formatting::summaryLine(const Key &key)
 {
     return keyToString(key) + QLatin1Char(' ') +
            i18nc("(validity, protocol, creation date)",
                  "(%1, %2, created: %3)",
 		 Formatting::complianceStringShort(key),
 		 displayName(key.protocol()),
                  Formatting::creationDateString(key));
 }
 
 // Icon for certificate selection indication
 QIcon Formatting::iconForUid(const UserID &uid)
 {
     switch (uid.validity()) {
         case UserID::Ultimate:
         case UserID::Full:
         case UserID::Marginal:
             return QIcon::fromTheme(QStringLiteral("emblem-success"));
         case UserID::Never:
             return QIcon::fromTheme(QStringLiteral("emblem-error"));
         case UserID::Undefined:
         case UserID::Unknown:
         default:
             return QIcon::fromTheme(QStringLiteral("emblem-information"));
     }
 }
 
 QString Formatting::validity(const UserID &uid)
 {
     switch (uid.validity()) {
         case UserID::Ultimate:
             return i18n("The certificate is marked as your own.");
         case UserID::Full:
             return i18n("The certificate belongs to this recipient.");
         case UserID::Marginal:
             return i18n("The trust model indicates marginally that the certificate belongs to this recipient.");
         case UserID::Never:
             return i18n("This certificate should not be used.");
         case UserID::Undefined:
         case UserID::Unknown:
         default:
             return i18n("There is no indication that this certificate belongs to this recipient.");
     }
 }
 
 bool Formatting::uidsHaveFullValidity(const GpgME::Key &key)
 {
     bool oneValid = false;
     for (const auto &uid: key.userIDs()) {
         if (uid.isRevoked()) {
             /* Skip revoked uids */
             continue;
         }
         if (uid.validity() < UserID::Validity::Full) {
             return false;
         }
         /* Only return true if we have found at least one
          * valid uid. E.g. if all uids are revoked we do
          * not want to return true here. */
         oneValid = true;
     }
     return oneValid;
 }
 
 QString Formatting::complianceMode()
 {
     const QGpgME::CryptoConfig *const config = QGpgME::cryptoConfig();
     if (!config) {
         return QString();
     }
     const QGpgME::CryptoConfigEntry *const entry = config->entry(QStringLiteral("gpg"), QStringLiteral("Configuration"), QStringLiteral("compliance"));
 
     if (!entry || entry->stringValue() == QStringLiteral("gnupg")) {
         return QString();
     }
     return entry->stringValue();
 }
 
 bool Formatting::isKeyDeVs(const GpgME::Key &key)
 {
 #ifdef GPGME_HAS_KEY_IS_DEVS
     for (const auto &sub: key.subkeys()) {
         if (sub.isExpired() || sub.isRevoked()) {
             // Ignore old subkeys
             continue;
         }
         if (!sub.isDeVs()) {
             return false;
         }
     }
     return true;
 #else
     return false;
 #endif
 }
 
 QString Formatting::complianceStringForKey(const GpgME::Key &key)
 {
     // There will likely be more in the future for other institutions
     // for now we only have DE-VS
     if (complianceMode() == QStringLiteral("de-vs")) {
         if (uidsHaveFullValidity(key) && isKeyDeVs(key)) {
             return i18nc("VS-NfD conforming is a German standard for restricted documents. For which special restrictions about algorithms apply. The string describes if a key is compliant with that..",
                          "May be used for VS-NfD-compliant communication.");
         } else {
             return i18nc("VS-NfD-conforming is a German standard for restricted documents. For which special restrictions about algorithms apply. The string describes if a key is compliant to that..",
                          "May <b>not</b> be used for VS-NfD-compliant communication.");
         }
     }
     return QString();
 }
 
 QString Formatting::complianceStringShort(const GpgME::Key &key)
 {
     if (Formatting::uidsHaveFullValidity(key)) {
         if (complianceMode() == QStringLiteral("de-vs")
             && Formatting::isKeyDeVs(key)) {
             return QStringLiteral("★ ") +
                 i18nc("VS-NfD-conforming is a German standard for restricted documents for which special restrictions about algorithms apply.  The string states that a key is compliant with that.",
                       "VS-NfD-compliant");
         }
         return i18nc("As in all user IDs are valid.", "certified");
     }
     if (key.isExpired()) {
         return i18n("expired");
     }
 
     return i18nc("As in not all user IDs are valid.", "not certified");
 }
 
 QString Formatting::prettyID(const char *id)
 {
     if (!id) {
         return QString();
     }
     return QString::fromLatin1(id).toUpper().replace(QRegularExpression(QStringLiteral("(....)")), QStringLiteral("\\1 ")).trimmed();
 }