remove the ssl cert storage. Big rewrite of ssl cert and friend management

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2017 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2025-06-08 14:42:51 -04:00 · 2010-01-13 21:22:52 +00:00 · 2010-01-13 21:22:52 +00:00 · 9976b80566
commit 9976b80566
parent bb9fb11257
39 changed files with 2056 additions and 1957 deletions
--- a/libretroshare/src/dbase/cachestrapper.cc
+++ b/libretroshare/src/dbase/cachestrapper.cc
@ -832,7 +832,9 @@ bool CacheStrapper::loadList(std::list<RsItem *> load)
 			CacheData cd;
 			cd.pid = rscc->pid;
-                        cd.pname = AuthSSL::getAuthSSL()->getName(cd.pid);
+                        peerConnectState pca;
                        mConnMgr->getFriendNetStatus(rscc->pid, pca);
                        cd.pname = pca.name;
 			cd.cid.type = rscc->cachetypeid;
 			cd.cid.subid = rscc->cachesubid;
 			cd.path = rscc->path;
--- a/libretroshare/src/ft/ftserver.cc
+++ b/libretroshare/src/ft/ftserver.cc
@ -858,7 +858,9 @@ bool     ftServer::handleCacheData()
 		data.name = ci->file.name;
 		data.path = ci->file.path;
 		data.pid = ci->PeerId();
-                data.pname = AuthSSL::getAuthSSL()->getName(ci->PeerId());
+                peerConnectState pca;
                mConnMgr->getFriendNetStatus(ci->PeerId(), pca);
                data.pname = pca.name;
 		mCacheStrapper->recvCacheResponse(data, time(NULL));
 		delete ci;
--- a/libretroshare/src/pqi/authgpg.cc
+++ b/libretroshare/src/pqi/authgpg.cc
@ -198,7 +198,7 @@ AuthGPG::AuthGPG()
 *
 * returns false if GnuPG is not available.
 */
-bool AuthGPG::availablePGPCertificatesWithPrivateKeys(std::list<std::string> &ids)
+bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids)
 {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -281,6 +281,8 @@ int	AuthGPG::GPGInit(std::string ownId)
 	mOwnGpgCert.key = newKey;
        mOwnGpgId = ownId;
        mOwnGpgName = newKey->uids->name;
        mOwnGpgEmail = newKey->uids->email;
 	gpgmeKeySelected = true;
        storeAllKeys_locked();
        printAllKeys_locked();
@ -381,6 +383,13 @@ bool   AuthGPG::storeAllKeys_locked()
                nu.name  = mainuid->name;
                nu.email = mainuid->email;
 		gpgme_key_sig_t mainsiglist = mainuid->signatures;
                std::map<std::string, bool>::iterator itAccept;
                if (mAcceptToConnectMap.end() != (itAccept = mAcceptToConnectMap.find(nu.id))) {
                    nu.accept_connection = itAccept->second;
                } else {
                    nu.accept_connection = false;
                    mAcceptToConnectMap[nu.id] = false;
                }
                nu.ownsign = false;
 		while(mainsiglist != NULL)
 		{
@ -738,7 +747,7 @@ bool AuthGPG::DoOwnSignature_locked(const void *data, unsigned int datalen, void
 /* import to GnuPG and other Certificates */
-bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen)
+bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint)
 {
 	gpgme_data_t gpgmeSig;
 	gpgme_data_t gpgmeData;
@ -793,8 +802,13 @@ bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *
 		if (sg->summary & GPGME_SIGSUM_VALID)
 		{
                        fprintf(stderr, "AuthGPG::VerifySignature() OK\n");
                        if (withfingerprint != "" && withfingerprint == std::string(sg->fpr)) {
                            fprintf(stderr, "AuthGPG::VerifySignature() for the fingerprint key : ");
                            std::cerr << withfingerprint;
                            fprintf(stderr, "\n");
                            valid = true;
                        }
 		}
 		sg = sg->next;
 	}
@ -843,7 +857,7 @@ int     AuthGPG::setConfigDirectories(std::string confFile, std::string neighDir
 #endif
 /**** These Two are common */
-std::string AuthGPG::getPGPName(GPG_id id)
+std::string AuthGPG::getGPGName(GPG_id id)
 {
        RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -855,7 +869,7 @@ std::string AuthGPG::getPGPName(GPG_id id)
 }
 /**** These Two are common */
-std::string AuthGPG::getPGPEmail(GPG_id id)
+std::string AuthGPG::getGPGEmail(GPG_id id)
 {
        RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -868,14 +882,19 @@ std::string AuthGPG::getPGPEmail(GPG_id id)
 /**** GPG versions ***/
-std::string AuthGPG::PGPOwnId()
+std::string AuthGPG::getGPGOwnId()
 {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
        return mOwnGpgId;
 }
-bool	AuthGPG::getPGPAllList(std::list<std::string> &ids)
+std::string AuthGPG::getGPGOwnName()
 {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
        return mOwnGpgName;
 }
 bool	AuthGPG::getGPGAllList(std::list<std::string> &ids)
 {
        RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -888,36 +907,24 @@ bool	AuthGPG::getPGPAllList(std::list<std::string> &ids)
 	return true;
 }
-bool	AuthGPG::getPGPValidList(std::list<std::string> &ids)
+bool	AuthGPG::getGPGDetails(std::string id, RsPeerDetails &d)
 {
        RsStackMutex stack(pgpMtx); /******* LOCKED ******/
        /* add an id for each pgp certificate */
        certmap::iterator it;
-        for(it = mKeyList.begin(); it != mKeyList.end(); it++)
+        if (mKeyList.end() != (it = mKeyList.find(id))) {
-        {
+            d.id = it->second.id; //keep, it but can be bug gen
-            if (it->second.validLvl >= GPGME_VALIDITY_MARGINAL) {
+            d.gpg_id = it->second.id;
                ids.push_back(it->first);
            }
        }
        return true;
 }
 bool	AuthGPG::getPGPDetails(std::string id, RsPeerDetails &d)
 {
        RsStackMutex stack(pgpMtx); /******* LOCKED ******/
        /* add an id for each pgp certificate */
        certmap::iterator it;
        if (mKeyList.end() != (it = mKeyList.find(id)))
        {
            d.id = it->second.id;
            d.name = it->second.name;
            d.email = it->second.email;
            d.trustLvl = it->second.trustLvl;
            d.validLvl = it->second.validLvl;
            d.ownsign = it->second.ownsign;
            d.gpgSigners = it->second.signers;
            d.fpr = it->second.fpr;
            d.accept_connection = it->second.accept_connection;
            //did the peer signed me ?
            d.hasSignedMe = false;
@ -955,7 +962,6 @@ bool 	AuthGPG::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) {
 bool 	AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
 	gpgme_encrypt_flags_t* flags = new gpgme_encrypt_flags_t();
 	gpgme_key_t keys[2] = {mOwnGpgCert.key, NULL};
        gpgme_set_armor (CTX, 1);
@ -971,18 +977,37 @@ bool 	AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
 	return true;
 }
-bool	AuthGPG::getPGPAcceptedList(std::list<std::string> &ids)
+bool	AuthGPG::getGPGValidList(std::list<std::string> &ids)
 {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
-    //TODO : implement a list in config file of accepted GPG key to connect with
+        /* add an id for each pgp certificate */
-
+        certmap::iterator it;
-        return getPGPSignedList(ids);
+        for(it = mKeyList.begin(); it != mKeyList.end(); it++)
        {
            if (it->second.validLvl >= GPGME_VALIDITY_MARGINAL) {
                ids.push_back(it->first);
            }
        }
        return true;
 }
-bool	AuthGPG::getPGPSignedList(std::list<std::string> &ids)
+bool	AuthGPG::getGPGAcceptedList(std::list<std::string> &ids)
 {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
        certmap::iterator it;
        for(it = mKeyList.begin(); it != mKeyList.end(); it++)
        {
                if (it->second.accept_connection)
                {
                        ids.push_back(it->first);
                }
        }
        return true;
 }
 bool	AuthGPG::getGPGSignedList(std::list<std::string> &ids)
 {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
 	certmap::iterator it;
 	for(it = mKeyList.begin(); it != mKeyList.end(); it++)
 	{
@ -994,10 +1019,9 @@ bool	AuthGPG::getPGPSignedList(std::list<std::string> &ids)
 	return true;
 }
-bool	AuthGPG::isPGPValid(GPG_id id)
+bool	AuthGPG::isGPGValid(GPG_id id)
 {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
        certmap::iterator it;
        if (mKeyList.end() != (it = mKeyList.find(id))) {
            return (it->second.validLvl >= GPGME_VALIDITY_MARGINAL);
@ -1008,10 +1032,9 @@ bool	AuthGPG::isPGPValid(GPG_id id)
 }
-bool	AuthGPG::isPGPSigned(GPG_id id)
+bool	AuthGPG::isGPGSigned(GPG_id id)
 {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
        certmap::iterator it;
 	if (mKeyList.end() != (it = mKeyList.find(id)))
 	{
@ -1020,6 +1043,17 @@ bool	AuthGPG::isPGPSigned(GPG_id id)
 	return false;
 }
 bool	AuthGPG::isGPGAccepted(GPG_id id)
 {
        //RsStackMutex stack(pgpMtx); /******* LOCKED ******/
        certmap::iterator it;
        if (mKeyList.end() != (it = mKeyList.find(id)))
        {
                return (it->second.accept_connection);
        }
        return false;
 }
 /****** Large Parts of the p3AuthMgr is provided by AuthSSL ******
 * As the majority of functions require SSL Certs
 *
@ -1065,7 +1099,7 @@ bool AuthGPG::loadCertificates()
 std::string AuthGPG::SaveCertificateToString(std::string id)
 {
-        if (!isPGPValid(id)) {
+        if (!isGPGValid(id)) {
                std::cerr << "AuthGPG::SaveCertificateToString() unknown ID" << std::endl;
 		std::string emptystr;
 		return emptystr;
@ -1112,7 +1146,7 @@ std::string AuthGPG::SaveCertificateToString(std::string id)
 }
 /* import to GnuPG and other Certificates */
-bool AuthGPG::LoadCertificateFromString(std::string str)
+bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
 {
 	RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -1130,13 +1164,15 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
 	if (GPG_ERR_NO_ERROR != gpgme_op_import (CTX,gpgmeData))
 	{
-                std::cerr << "AuthGPG::Error Importing Certificate";
+                std::cerr << "AuthGPG::LoadCertificateFromString() Error Importing Certificate";
 		std::cerr << std::endl;
 		return false ;
 	}
 	gpgme_import_result_t res = gpgme_op_import_result(CTX);
        std::string fingerprint = std::string(res->imports->fpr);
        std::cerr << "AuthGPG::LoadCertificateFromString() Importing considered folowing fpr : " << fingerprint << std::endl;
 	int imported = res->imported;
@ -1144,7 +1180,6 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
 					res->considered, res->imported);
 	/* do we need to delete res??? */
 	gpgme_data_release (gpgmeData);
 	/* extract id(s)! (only if we actually imported one) */
@ -1152,6 +1187,17 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
 	{
 		storeAllKeys_locked();
 	}
        //retrieve the id of the key
        certmap::iterator it;
        for(it = mKeyList.begin(); it != mKeyList.end(); it++)
        {
                if (it->second.fpr == fingerprint)
                {
                        gpg_id = it->second.id;
                        break;
                }
        }
        std::cerr << "AuthGPG::LoadCertificateFromString() returning with gpg_id : " << gpg_id << std::endl;
 	return true;
 }
@ -1169,6 +1215,25 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
 /*************************************/
 /* These take PGP Ids */
 bool AuthGPG::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
 {
        std::cerr << "AuthGPG::markGPGCertificateAsFriends(" << gpg_id << ")";
        std::cerr << std::endl;
        /* reload stuff now ... */
        RsStackMutex stack(pgpMtx); /******* LOCKED ******/
 	certmap::iterator it;
        if (mKeyList.end() == (it = mKeyList.find(gpg_id))) {
                return false;
        }
        it->second.accept_connection = acceptance;
        mAcceptToConnectMap[gpg_id] = acceptance;
        return true;
 }
 /* These take PGP Ids */
 bool AuthGPG::SignCertificateLevel0(GPG_id id)
 {
@ -1235,9 +1300,9 @@ bool AuthGPG::SignDataBin(const void *data, unsigned int datalen, unsigned char
                        sign, signlen);
 }
-bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen) {
+bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen, std::string withfingerprint) {
        return VerifySignature_locked(data, datalen,
-                        sign, signlen);
+                        sign, signlen, withfingerprint);
 }
@ -1298,7 +1363,7 @@ int	AuthGPG::privateTrustCertificate(std::string id, int trustlvl)
 	/* The certificate should be in Peers list ??? */
-        if(!isPGPSigned(id)) {
+        if(!isGPGSigned(id)) {
 		std::cerr << "Invalid Certificate" << std::endl;
 		return 0;
 	}
--- a/libretroshare/src/pqi/authgpg.h
+++ b/libretroshare/src/pqi/authgpg.h
@ -46,6 +46,7 @@
 #include "rsiface/rspeers.h"
 #include <string>
 #include <list>
 #include <set>
 #include <map>
 #define GPG_id std::string
@ -71,6 +72,9 @@ class gpgcert
                bool ownsign;
                //This is not gpg, but RS data. A gpg peer can be accepted for connecting but not signed.
                bool accept_connection;
 		gpgme_key_t key;
 };
@ -85,7 +89,7 @@ class AuthGPG
 	/* Internal functions */
        bool 	DoOwnSignature_locked(const void *, unsigned int, void *, unsigned int *);
-        bool    VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen);
+        bool    VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint);
        /* Sign/Trust stuff */
        int	privateSignCertificate(GPG_id id);
@ -104,7 +108,7 @@ class AuthGPG
        AuthGPG();
        ~AuthGPG();
-        bool    availablePGPCertificatesWithPrivateKeys(std::list<std::string> &ids);
+        bool    availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
 	int	GPGInit(std::string ownId);
@ -145,18 +149,21 @@ class AuthGPG
 * provide access to details in cache list.
 *
 ****/
-    std::string getPGPName(GPG_id pgp_id);
+    std::string getGPGName(GPG_id pgp_id);
-    std::string getPGPEmail(GPG_id pgp_id);
+    std::string getGPGEmail(GPG_id pgp_id);
    /* PGP web of trust management */
-    GPG_id PGPOwnId();
+    std::string getGPGOwnId();
-    bool	getPGPDetails(std::string id, RsPeerDetails &d);
+    std::string getGPGOwnName();
-    bool	getPGPAllList(std::list<std::string> &ids);
+    std::string getGPGOwnEmail();
-    bool	getPGPValidList(std::list<std::string> &ids);
+    bool	getGPGDetails(std::string id, RsPeerDetails &d);
-    bool	getPGPAcceptedList(std::list<std::string> &ids);
+    bool	getGPGAllList(std::list<std::string> &ids);
-    bool	getPGPSignedList(std::list<std::string> &ids);
+    bool	getGPGValidList(std::list<std::string> &ids);
-    bool	isPGPValid(std::string id);
+    bool	getGPGAcceptedList(std::list<std::string> &ids);
-    bool	isPGPSigned(std::string id);
+    bool	getGPGSignedList(std::list<std::string> &ids);
    bool	isGPGValid(std::string id);
    bool	isGPGSigned(std::string id);
    bool	isGPGAccepted(std::string id);
 /*********************************************************************************/
 /************************* STAGE 4 ***********************************************/
@ -165,7 +172,7 @@ class AuthGPG
 * STAGE 4: Loading and Saving Certificates. (Strings and Files)
 *
 ****/
-  bool LoadCertificateFromString(std::string pem);
+  bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
  std::string SaveCertificateToString(std::string id);
 /*********************************************************************************/
@ -178,6 +185,7 @@ class AuthGPG
 * done in gpgroot already.
 *
 ****/
  bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
  bool SignCertificateLevel0(std::string id);
  bool RevokeCertificate(std::string id);  /* Particularly hard - leave for later */
  bool TrustCertificateNone(std::string id);
@ -198,7 +206,7 @@ class AuthGPG
  bool SignData(const void *data, const uint32_t len, std::string &sign);
  bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
  bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
-  bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int);
+  bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
  bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
  bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
 //END of PGP public functions
@ -223,7 +231,10 @@ private:
    gpgme_ctx_t CTX;
    std::string mOwnGpgId;
    std::string mOwnGpgName;
    std::string mOwnGpgEmail;
    std::string mX509id;
    std::map<std::string, bool> mAcceptToConnectMap;
    gpgcert mOwnGpgCert;
 };
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
--- a/libretroshare/src/pqi/authssl.h
+++ b/libretroshare/src/pqi/authssl.h
@ -27,12 +27,10 @@
 #define MRK_AUTH_SSL_HEADER
 /* 
- * This is an implementation of SSL certificate authentication, which can be 
+ * This is an implementation of SSL certificate authentication, which is
 * overloaded with pgp style signatures, and web-of-trust authentication.
 *
- * There are several virtual functions with can be overloaded to acheive this.
+ * only the owner ssl cert is store, the rest is jeus callback verification
 *      SignCertificate()
 *	AuthCertificate()
 * 	
 * To use as an SSL authentication system, you must use a common CA certificate.
 * and compilation should be done with PQI_USE_XPGP off, and PQI_USE_SSLONLY on
@ -52,6 +50,7 @@
 #include "pqi/pqi_base.h"
 #include "pqi/pqinetwork.h"
 #include "rsiface/rspeers.h"
 typedef std::string SSL_id;
@ -75,7 +74,7 @@ class sslcert
        std::string issuer;
        std::string fpr;
-        std::list<std::string> signers;
+        //std::list<std::string> signers;
        /* Auth settings */
        bool authed;
@ -103,42 +102,43 @@ SSL_CTX *	getNewSslCtx();
 	/*********** Overloaded Functions from p3AuthMgr **********/
-	/* get Certificate Ids */
+        /* get Certificate Id */
 virtual	std::string OwnId();
-virtual bool    getAllList(std::list<std::string> &ids);
+//virtual bool    getAllList(std::list<std::string> &ids);
-virtual bool    getAuthenticatedList(std::list<std::string> &ids);
+//virtual bool    getAuthenticatedList(std::list<std::string> &ids);
-virtual bool    getUnknownList(std::list<std::string> &ids);
+//virtual bool    getUnknownList(std::list<std::string> &ids);
-virtual bool    getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
+//virtual bool    getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
 	/* get Details from the Certificates */
-virtual bool    isAuthenticated(std::string id);
+//virtual bool    isAuthenticated(std::string id);
-virtual	std::string getName(std::string id);
+//virtual	std::string getName(std::string id);
-virtual std::string getIssuerName(std::string id);
+//virtual std::string getIssuerName(std::string id);
-virtual std::string getGPGId(SSL_id id);
+//virtual std::string getGPGId(SSL_id id);
-virtual bool    getCertDetails(std::string id, sslcert &cert);
+//virtual bool    getCertDetails(std::string id, sslcert &cert);
 	/* High Level Load/Save Configuration */
-virtual bool FinalSaveCertificates();
+//virtual bool FinalSaveCertificates();
-virtual bool CheckSaveCertificates();
+//virtual bool CheckSaveCertificates();
-virtual bool saveCertificates();
+//virtual bool saveCertificates();
-virtual bool loadCertificates();
+//virtual bool loadCertificates();
 	/* Load/Save certificates */
 virtual bool LoadCertificateFromString(std::string pem, std::string &id);
 virtual	std::string SaveCertificateToString(std::string id);
 virtual bool LoadCertificateFromFile(std::string filename, std::string &id);
 virtual bool SaveCertificateToFile(std::string id, std::string filename);
 bool 	ProcessX509(X509 *x509, std::string &id);
-virtual bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id);	
+virtual bool LoadDetailsFromStringCert(std::string pem, RsPeerDetails &pd);
-virtual	bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len);
+virtual	std::string SaveOwnCertificateToString();
 //virtual bool LoadCertificateFromFile(std::string filename, std::string &id);
 //virtual bool SaveCertificateToFile(std::string id, std::string filename);
 //bool 	ProcessX509(X509 *x509, std::string &id);
 //
 //virtual bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id);
 //virtual	bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len);
 	/* Sign / Encrypt / Verify Data (TODO) */
 virtual bool 	SignData(std::string input, std::string &sign);
 virtual bool 	SignData(const void *data, const uint32_t len, std::string &sign);
 virtual bool 	SignDataBin(std::string, unsigned char*, unsigned int*);
 virtual bool    SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
-virtual bool    VerifySignBin(std::string, const void*, uint32_t, unsigned char*, unsigned int);
+virtual bool    VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int);
 // return : false if encrypt failed
 bool     encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
@ -165,11 +165,11 @@ SSL_CTX *getCTX();
 static int ex_data_ctx_index; //used to pass the peer id in the ssl context
-bool 	FailedCertificate(X509 *x509, bool incoming);     /* store for discovery */
+//bool 	FailedCertificate(X509 *x509, bool incoming);     /* store for discovery */
-bool 	CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
+//bool 	CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
 	/* Special Config Loading (backwards compatibility) */
-bool  	loadCertificates(bool &oldFormat, std::map<std::string, std::string> &keyValueMap);
+//bool  	loadCertificates(bool &oldFormat, std::map<std::string, std::string> &keyValueMap);
  static AuthSSL *getAuthSSL() throw() // pour obtenir l'instance
      { return instance_ssl; }
@ -190,7 +190,7 @@ X509 *	loadX509FromDER(const uint8_t *ptr, uint32_t len);
 bool 	saveX509ToDER(X509 *x509, uint8_t **ptr, uint32_t *len);
 	/*********** LOCKED Functions ******/
-bool 	locked_FindCert(std::string id, sslcert **cert);
+//bool 	locked_FindCert(std::string id, sslcert **cert);
 	/* Data */
@ -208,7 +208,7 @@ bool 	locked_FindCert(std::string id, sslcert **cert);
 	bool mToSaveCerts;
 	bool mConfigSaveActive;
-	std::map<std::string, sslcert *> mCerts;
+        //std::map<std::string, sslcert *> mCerts;
 };
--- a/libretroshare/src/pqi/p3connmgr.cc
+++ b/libretroshare/src/pqi/p3connmgr.cc
@ -28,6 +28,8 @@
 #include "tcponudp/tou.h"
 #include "tcponudp/extaddrfinder.h"
 #include "util/rsnet.h"
 #include "pqi/authgpg.h"
 #include "util/rsprint.h"
 #include "util/rsdebug.h"
@ -96,12 +98,14 @@ peerAddrInfo::peerAddrInfo()
 peerConnectState::peerConnectState()
 	:id("unknown"), 
         gpg_id("unknown"),
 	 netMode(RS_NET_MODE_UNKNOWN), visState(RS_VIS_STATE_STD), 
 	 lastcontact(0),
 	 connecttype(0),
 	 lastavailable(0),
         lastattempt(time(NULL) - MIN_RETRY_PERIOD + MIN_TIME_BETWEEN_NET_RESET + 2), //start connection 2 second after the possible next one net reset
-	 name("nameless"), state(0), actions(0), 
+         name(""), location(""),
         state(0), actions(0),
 	 source(0), 
 	 inConnAttempt(0)
 {
@ -136,7 +140,7 @@ p3ConnectMgr::p3ConnectMgr()
 {
 	/* setup basics of own state */
        ownState.id = AuthSSL::getAuthSSL()->OwnId();
-        ownState.name = AuthSSL::getAuthSSL()->getName(ownState.id);
+        ownState.name = AuthGPG::getAuthGPG()->getGPGOwnName();
        ownState.netMode = RS_NET_MODE_UDP;
 	//use_extr_addr_finder = true ;
@ -1442,18 +1446,18 @@ void p3ConnectMgr::getFriendList(std::list<std::string> &peers)
 }
-void p3ConnectMgr::getOthersList(std::list<std::string> &peers)
+//void p3ConnectMgr::getOthersList(std::list<std::string> &peers)
-{
+//{
-	RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
+//	RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
-
+//
-	/* check for existing */
+//	/* check for existing */
-        std::map<std::string, peerConnectState>::iterator it;
+//        std::map<std::string, peerConnectState>::iterator it;
-	for(it = mOthersList.begin(); it != mOthersList.end(); it++)
+//	for(it = mOthersList.begin(); it != mOthersList.end(); it++)
-	{
+//	{
-		peers.push_back(it->first);
+//		peers.push_back(it->first);
-	}
+//	}
-	return;
+//	return;
-}
+//}
@ -1984,7 +1988,7 @@ void    p3ConnectMgr::peerConnectRequest(std::string id, struct sockaddr_in radd
 /*******************************************************************/
 /*******************************************************************/
-bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState, time_t lastContact)
+bool p3ConnectMgr::addFriend(std::string id, std::string gpg_id, uint32_t netMode, uint32_t visState, time_t lastContact)
 {
 	/* so three possibilities 
 	 * (1) already exists as friend -> do nothing.
@ -1993,7 +1997,7 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
 	 */
 #ifdef CONN_DEBUG
-	std::cerr << "p3ConnectMgr::addFriend() " << id << std::endl;
+        std::cerr << "p3ConnectMgr::addFriend() " << id << "; gpg_id : " << gpg_id << std::endl;
 #endif
 	RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
@ -2009,18 +2013,20 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
 		return true;
 	}
-	/* check with the AuthMgr if its authorised */
+        //Authentication is now tested at connection time, we don't store the ssl cert anymore
-        if (!AuthSSL::getAuthSSL()->isAuthenticated(id))
+        if (!AuthGPG::getAuthGPG()->isGPGAccepted(gpg_id))
        {
 #ifdef CONN_DEBUG
-		std::cerr << "p3ConnectMgr::addFriend() Failed Authentication" << std::endl;
+                std::cerr << "p3ConnectMgr::addFriend() gpg is not accepted" << std::endl;
 #endif
                /* no auth */
                return false;
        }
        /* check if it is in others */
-	if (mOthersList.end() != (it = mOthersList.find(id)))
+//	if (mOthersList.end() != (it = mOthersList.find(id)))
        if (false)
        {
 		/* (2) in mOthersList -> move over */
 #ifdef CONN_DEBUG
@ -2059,18 +2065,6 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
 		return true;
        }
 	/* get details from AuthMgr */
        sslcert detail;
        if (!AuthSSL::getAuthSSL()->getCertDetails(id, detail))
 	{
 #ifdef CONN_DEBUG
 		std::cerr << "p3ConnectMgr::addFriend() Failed to get Details" << std::endl;
 #endif
 		/* ERROR: no details */
 		return false;
 	}
 #ifdef CONN_DEBUG
 	std::cerr << "p3ConnectMgr::addFriend() Creating New Entry" << std::endl;
 #endif
@ -2079,7 +2073,8 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
 	peerConnectState pstate;
 	pstate.id = id;
-        pstate.name = detail.name;
+        pstate.gpg_id = gpg_id;
        pstate.name = AuthGPG::getAuthGPG()->getGPGName(gpg_id);
 	pstate.state = RS_PEER_S_FRIEND;
 	pstate.actions = RS_PEER_NEW;
@ -2145,7 +2140,7 @@ bool p3ConnectMgr::addNeighbour(std::string id)
 {
 #ifdef CONN_DEBUG
-	std::cerr << "p3ConnectMgr::addNeighbour() " << id << std::endl;
+	std::cerr << "p3ConnectMgr::addNeighbour() not implemented anymore." << id << std::endl;
 #endif
 	/* so three possibilities 
@ -2154,51 +2149,51 @@ bool p3ConnectMgr::addNeighbour(std::string id)
 	 * (3) is non-existant -> create new one.
 	 */
-	RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
+//	RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
 //
 //        std::map<std::string, peerConnectState>::iterator it;
 //	if (mFriendList.end() == mFriendList.find(id))
 //	{
 //		/* (1) already exists */
 //		return false;
 //	}
 //
 //	if (mOthersList.end() == mOthersList.find(id))
 //	{
 //		/* (2) already exists */
 //		return true;
 //	}
 //
 //	/* check with the AuthMgr if its valid */
 //        if (!AuthSSL::getAuthSSL()->isAuthenticated(id))
 //	{
 //		/* no auth */
 //		return false;
 //	}
 //
 //	/* get details from AuthMgr */
 //        sslcert detail;
 //        if (!AuthSSL::getAuthSSL()->getCertDetails(id, detail))
 //	{
 //		/* no details */
 //		return false;
 //	}
 //
 //	/* create a new entry */
 //	peerConnectState pstate;
 //
 //	pstate.id = id;
 //        pstate.name = detail.name;
 //
 //	pstate.state = 0;
 //	pstate.actions = 0; //RS_PEER_NEW;
 //	pstate.visState = RS_VIS_STATE_STD;
 //	pstate.netMode = RS_NET_MODE_UNKNOWN;
 //
 //	/* addr & timestamps -> auto cleared */
 //	mOthersList[id] = pstate;
        std::map<std::string, peerConnectState>::iterator it;
 	if (mFriendList.end() == mFriendList.find(id))
 	{
 		/* (1) already exists */
        return false;
 	}
 	if (mOthersList.end() == mOthersList.find(id))
 	{
 		/* (2) already exists */
 		return true;
 	}
 	/* check with the AuthMgr if its valid */
        if (!AuthSSL::getAuthSSL()->isAuthenticated(id))
 	{
 		/* no auth */
 		return false;
 	}
 	/* get details from AuthMgr */
        sslcert detail;
        if (!AuthSSL::getAuthSSL()->getCertDetails(id, detail))
 	{
 		/* no details */
 		return false;
 	}
 	/* create a new entry */
 	peerConnectState pstate;
 	pstate.id = id;
        pstate.name = detail.name;
 	pstate.state = 0;
 	pstate.actions = 0; //RS_PEER_NEW;
 	pstate.visState = RS_VIS_STATE_STD;
 	pstate.netMode = RS_NET_MODE_UNKNOWN;
 	/* addr & timestamps -> auto cleared */
 	mOthersList[id] = pstate;
 	return true;
 }
 /*******************************************************************/
@ -2633,6 +2628,30 @@ bool    p3ConnectMgr::setNetworkMode(std::string id, uint32_t netMode)
 	return false;
 }
 bool    p3ConnectMgr::setLocation(std::string id, std::string location)
 {
 #ifdef CONN_DEBUG
        std::cerr << "p3ConnectMgr::setLocation() called for id : " << id << "; with location " << location << std::endl;
 #endif
        if (id == AuthSSL::getAuthSSL()->OwnId())
        {
                ownState.location = location;
                return true;
        }
        RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
        /* check if it is a friend */
        std::map<std::string, peerConnectState>::iterator it;
        bool isFriend = false;
        if (mFriendList.end() == (it = mFriendList.find(id))) {
            return false;
        } else {
            it->second.location = location;
            return true;
        }
 }
 bool    p3ConnectMgr::setVisState(std::string id, uint32_t visState)
 {
        if (id == AuthSSL::getAuthSSL()->OwnId())
@ -2792,6 +2811,8 @@ std::list<RsItem *> p3ConnectMgr::saveList(bool &cleanup)
 	item->clear();
 	item->pid = getOwnId();
        item->gpg_id = ownState.gpg_id;
        item->location = ownState.location;
 	if (ownState.netMode & RS_NET_MODE_TRY_EXT)
 	{
 		item->netMode = RS_NET_MODE_EXT;
@ -2828,6 +2849,8 @@ std::list<RsItem *> p3ConnectMgr::saveList(bool &cleanup)
 		item->clear();
 		item->pid = it->first;
                item->gpg_id = (it->second).gpg_id;
                item->location = (it->second).location;
                item->netMode = (it->second).netMode;
 		item->visState = (it->second).visState;
 		item->lastContact = (it->second).lastcontact;
@ -2913,6 +2936,7 @@ bool  p3ConnectMgr::loadList(std::list<RsItem *> load)
 #endif
 				/* add ownConfig */
                                setOwnNetConfig(pitem->netMode, pitem->visState);
                                ownState.gpg_id = AuthGPG::getAuthGPG()->getGPGOwnId();
 			}
 			else
 			{
@ -2922,8 +2946,9 @@ bool  p3ConnectMgr::loadList(std::list<RsItem *> load)
 				std::cerr << std::endl;
 #endif
 				/* ************* */
-				addFriend(pitem->pid, pitem->netMode, pitem->visState, pitem->lastContact);
+                                addFriend(pitem->pid, pitem->gpg_id, pitem->netMode, pitem->visState, pitem->lastContact);
 			}
                        setLocation(pitem->pid, pitem->location);
                        setLocalAddress(pitem->pid, pitem->currentlocaladdr);
                        setExtAddress(pitem->pid, pitem->currentremoteaddr);
                        setAddressList(pitem->pid, pitem->ipAddressList);
--- a/libretroshare/src/pqi/p3connmgr.h
+++ b/libretroshare/src/pqi/p3connmgr.h
@ -136,6 +136,7 @@ class peerConnectState
 	peerConnectState(); /* init */
        std::string id;
        std::string gpg_id;
 	uint32_t netMode; /* EXT / UPNP / UDP / INVALID */
 	uint32_t visState; /* STD, GRAY, DARK */	
@ -167,6 +168,7 @@ class peerConnectState
 	time_t lastattempt;
 	std::string name;
        std::string location;
 	uint32_t    state;
 	uint32_t    actions;
@ -231,11 +233,13 @@ bool    setAddressList(std::string id, std::list<IpAddressTimed> IpAddressTimedL
 bool 	setNetworkMode(std::string id, uint32_t netMode);
 bool 	setVisState(std::string id, uint32_t visState);
 bool    setLocation(std::string pid, std::string location);//location is shown in the gui to differentiate ssl certs
 	/* add/remove friends */
-bool 	addFriend(std::string id, uint32_t netMode = RS_NET_MODE_UDP, 
+bool 	addFriend(std::string ssl_id, std::string gpg_id, uint32_t netMode = RS_NET_MODE_UDP,
 	   uint32_t visState = RS_VIS_STATE_STD , time_t lastContact = 0);
-bool	removeFriend(std::string);
+bool	removeFriend(std::string ssl_id);
 bool	addNeighbour(std::string);
 	/*************** External Control ****************/
@ -244,14 +248,14 @@ bool	addNeighbour(std::string);
 const std::string getOwnId();
 bool	getOwnNetStatus(peerConnectState &state);
-bool	isFriend(std::string id);
+bool	isFriend(std::string ssl_id);
-bool	isOnline(std::string id);
+bool	isOnline(std::string ssl_id);
 bool	getFriendNetStatus(std::string id, peerConnectState &state);
 bool	getOthersNetStatus(std::string id, peerConnectState &state);
-void	getOnlineList(std::list<std::string> &peers);
+void	getOnlineList(std::list<std::string> &ssl_peers);
-void	getFriendList(std::list<std::string> &peers);
+void	getFriendList(std::list<std::string> &ssl_peers);
-void	getOthersList(std::list<std::string> &peers);
+//void	getOthersList(std::list<std::string> &peers); /deprecated
 	/**************** handle monitors *****************/
--- a/libretroshare/src/pqi/pqissl.cc
+++ b/libretroshare/src/pqi/pqissl.cc
@ -109,16 +109,6 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3ConnectMgr *cm)
 	  rslog(RSL_ALERT, pqisslzone, out.str());
 	}
        if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId())))
 	{
  	  rslog(RSL_ALERT, pqisslzone, 
 	    "pqissl::Warning Certificate Not Approved!");
  	  rslog(RSL_ALERT, pqisslzone, 
 	    "\t pqissl will not initialise....");
 	}
 	return;
 }
@ -1081,14 +1071,14 @@ int 	pqissl::Extract_Failed_SSL_Certificate()
 	}
  	rslog(RSL_DEBUG_BASIC, pqisslzone, 
-	  "pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - Registering");
+          "pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - (Not) Registering (anymore)");
 	// save certificate... (and ip locations)
 	// false for outgoing....
 	// we actually connected to remote_addr, 
 	// 	which could be 
 	//      (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
-        AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
+        //AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
 	return 1;
 }
@ -1138,33 +1128,36 @@ int 	pqissl::Authorise_SSL_Connection()
  	rslog(RSL_DEBUG_BASIC, pqisslzone, 
 	  "pqissl::Authorise_SSL_Connection() Have Peer Cert");
        accept(ssl_connection, sockfd, remote_addr);
        return 1;
 	// save certificate... (and ip locations)
 	// false for outgoing....
 	// we actually connected to remote_addr, 
 	// 	which could be 
 	//      (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
-	bool certCorrect = false;
+//	bool certCorrect = false;
-        certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
+//        certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
-
+//
-	// check it's the right one.
+//	// check it's the right one.
-	if (certCorrect)
+//	if (certCorrect)
-	{
+//	{
-		// then okay...
+//		// then okay...
-		std::ostringstream out;
+//		std::ostringstream out;
-	  	out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
+//	  	out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
-  		rslog(RSL_WARNING, pqisslzone, out.str());
+//  		rslog(RSL_WARNING, pqisslzone, out.str());
-
+//
-		accept(ssl_connection, sockfd, remote_addr);
+//		accept(ssl_connection, sockfd, remote_addr);
-		return 1;
+//		return 1;
-        }
+//        }
-
+//
-	{
+//	{
-		std::ostringstream out;
+//		std::ostringstream out;
-	  	out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
+//	  	out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
-		out << " Shutdown. Peer: " << PeerId();
+//		out << " Shutdown. Peer: " << PeerId();
-  		rslog(RSL_WARNING, pqisslzone, out.str());
+//  		rslog(RSL_WARNING, pqisslzone, out.str());
-	}
+//	}
 	// else shutdown ssl connection.
--- a/libretroshare/src/pqi/pqissllistener.cc
+++ b/libretroshare/src/pqi/pqissllistener.cc
@ -472,11 +472,11 @@ int 	pqissllistenbase::Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_
 	}
  	pqioutput(PQL_DEBUG_BASIC, pqissllistenzone, 
-	  "pqissllistenbase::Extract_Failed_SSL_Certificate() Have Peer Cert - Registering");
+          "pqissllistenbase::Extract_Failed_SSL_Certificate() Have Peer Cert - (Not) Registering (Anymore)");
 	// save certificate... (and ip locations)
 	// false for outgoing....
-        AuthSSL::getAuthSSL()->FailedCertificate(peercert, true);
+        //AuthSSL::getAuthSSL()->FailedCertificate(peercert, true);
 	return 1;
 }
@ -683,19 +683,19 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
 		return -1;
 	}
-	/* Certificate consumed! */
+//	/* Certificate consumed! */
-        bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
+//        bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
-
+//
-	if (certKnown == false)
+//	if (certKnown == false)
-	{
+//	{
-		std::ostringstream out;
+//		std::ostringstream out;
-		out << "Failed Final Check";
+//		out << "Failed Final Check";
-		out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
+//		out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
-		out << std::endl;
+//		out << std::endl;
-		out << "pqissllistenbase: Will shut it down!" << std::endl;
+//		out << "pqissllistenbase: Will shut it down!" << std::endl;
-  	        pqioutput(PQL_WARNING, pqissllistenzone, out.str());
+//  	        pqioutput(PQL_WARNING, pqissllistenzone, out.str());
-		return -1;
+//		return -1;
-	}
+//	}
 	pqissl *pqis = it -> second;
--- a/libretroshare/src/pqi/pqissltunnel.cc
+++ b/libretroshare/src/pqi/pqissltunnel.cc
@ -102,12 +102,12 @@ pqissltunnel::pqissltunnel(PQInterface *parent, p3ConnectMgr *cm)
 	  rslog(RSL_ALERT, pqisslzone, out.str());
 	}
-        if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId()))) {
+//        if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId()))) {
-	  rslog(RSL_ALERT, pqisslzone,
+//	  rslog(RSL_ALERT, pqisslzone,
-	    "pqissltunnel::Warning Certificate Not Approved!");
+//	    "pqissltunnel::Warning Certificate Not Approved!");
-	  rslog(RSL_ALERT, pqisslzone,
+//	  rslog(RSL_ALERT, pqisslzone,
-	    "\t pqissltunnel will not initialise....");
+//	    "\t pqissltunnel will not initialise....");
-	}
+//	}
 	mP3tunnel = mConnMgr->getP3tunnel();
 	current_data_offset = 0;
 	curent_data_packet.length = 0;
--- a/libretroshare/src/rsiface/rspeers.h
+++ b/libretroshare/src/rsiface/rspeers.h
@ -39,9 +39,10 @@ class RsPeers;
 extern RsPeers   *rsPeers;
 /* Trust Levels */
-const uint32_t RS_TRUST_LVL_UNKNOWN	= 0x0001;
+const uint32_t RS_TRUST_LVL_NONE	= 2;
-const uint32_t RS_TRUST_LVL_MARGINAL	= 0x0002;
+const uint32_t RS_TRUST_LVL_MARGINAL	= 3;
-const uint32_t RS_TRUST_LVL_GOOD	= 0x0003;
+const uint32_t RS_TRUST_LVL_FULL	= 4;
 const uint32_t RS_TRUST_LVL_ULTIMATE	= 5;
 /* Net Mode */
@ -78,6 +79,7 @@ class RsPeerDetails
 	/* Auth details */
        bool isOnlyGPGdetail;
 	std::string id;
        std::string gpg_id;
 	std::string name;
 	std::string email;
 	std::string location;
@ -95,6 +97,8 @@ class RsPeerDetails
        bool ownsign; /* we have signed the remote peer GPG key */
        bool hasSignedMe; /* the remote peer has signed my GPG key */
        bool accept_connection;
 	/* Network details (only valid if friend) */
 	uint32_t		state;
@ -132,30 +136,33 @@ virtual std::string getOwnId()					= 0;
 virtual bool	getOnlineList(std::list<std::string> &ssl_ids)	= 0;
 virtual bool	getFriendList(std::list<std::string> &ssl_ids)	= 0;
-virtual bool	getOthersList(std::list<std::string> &ssl_ids)	= 0;
+//virtual bool	getOthersList(std::list<std::string> &ssl_ids)	= 0;
 virtual bool    isOnline(std::string ssl_id)			= 0;
 virtual bool    isFriend(std::string ssl_id)			= 0;
-virtual std::string getPeerName(std::string ssl_id)			= 0;
+virtual bool    isGPGAccepted(std::string gpg_id_is_friend)			= 0; //
-virtual std::string getPeerPGPName(std::string ssl_id)	= 0;
+virtual std::string getPeerName(std::string ssl_or_gpg_id)			= 0;
 virtual std::string getGPGName(std::string gpg_id)	= 0;
 virtual bool	getPeerDetails(std::string ssl_or_gpg_id, RsPeerDetails &d) = 0; //get Peer detail accept SSL and PGP certs
 		/* Using PGP Ids */
-virtual std::string getPGPOwnId()				= 0;
+virtual std::string getGPGOwnId()				= 0;
-virtual std::string getPGPId(std::string ssl_id)	= 0;
+virtual std::string getGPGId(std::string ssl_id)	= 0;
-virtual bool    getPGPAcceptedList(std::list<std::string> &gpg_ids)   = 0;
+virtual bool    getGPGAcceptedList(std::list<std::string> &gpg_ids)   = 0;
-virtual bool    getPGPSignedList(std::list<std::string> &gpg_ids)   = 0;//friends that we accpet to connect with but we don't want to sign their gpg key
+virtual bool    getGPGSignedList(std::list<std::string> &gpg_ids)   = 0;//friends that we accpet to connect with but we don't want to sign their gpg key
-virtual bool    getPGPValidList(std::list<std::string> &gpg_ids)   = 0;
+virtual bool    getGPGValidList(std::list<std::string> &gpg_ids)   = 0;
-virtual bool    getPGPAllList(std::list<std::string> &gpg_ids) 	= 0;
+virtual bool    getGPGAllList(std::list<std::string> &gpg_ids) 	= 0;
-virtual bool	getPGPDetails(std::string gpg_id, RsPeerDetails &d) = 0;
+virtual bool	getGPGDetails(std::string gpg_id, RsPeerDetails &d) = 0;
 virtual bool    getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids) = 0;
 	/* Add/Remove Friends */
-virtual	bool addFriend(std::string id)        			= 0;
+virtual	bool addFriend(std::string ssl_id, std::string gpg_id)        			= 0;
 virtual	bool addDummyFriend(std::string gpg_id)        			= 0; //we want to add a empty ssl friend for this gpg id
 virtual	bool removeFriend(std::string id)  			= 0;
 	/* Network Stuff */
 virtual	bool connectAttempt(std::string ssl_id)			= 0;
 virtual bool setLocation(std::string ssl_id, std::string location) = 0;//location is shown in the gui to differentiate ssl certs
 virtual	bool setLocalAddress(std::string ssl_id, std::string addr, uint16_t port) = 0;
 virtual	bool setExtAddress(  std::string ssl_id, std::string addr, uint16_t port) = 0;
 virtual	bool setNetworkMode(std::string ssl_id, uint32_t netMode) 	= 0;
@ -170,13 +177,14 @@ virtual bool getAllowTunnelConnection() = 0 ;
 	/* Auth Stuff */
 virtual	std::string GetRetroshareInvite() 			= 0;
-virtual	bool LoadCertificateFromFile(std::string fname, std::string &id)  = 0;
+virtual	bool loadCertificateFromFile(std::string fname, std::string &id, std::string &gpg_id)  = 0;
-virtual	bool LoadCertificateFromString(std::string cert, std::string &id)  = 0;
+virtual	bool loadDetailsFromStringCert(std::string cert, RsPeerDetails &pd) = 0;
-virtual	bool SaveCertificateToFile(std::string id, std::string fname)  = 0;
+virtual	bool saveCertificateToFile(std::string id, std::string fname)  = 0;
-virtual	std::string SaveCertificateToString(std::string id)  	= 0;
+virtual	std::string saveCertificateToString(std::string id)  	= 0;
-virtual	bool SignGPGCertificate(std::string gpg_id)                   	= 0;
+virtual	bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance) = 0;
-virtual	bool TrustGPGCertificate(std::string gpg_id, uint32_t trustlvl) 	= 0;
+virtual	bool signGPGCertificate(std::string gpg_id)                   	= 0;
 virtual	bool trustGPGCertificate(std::string gpg_id, uint32_t trustlvl) 	= 0;
 };
--- a/libretroshare/src/rsserver/p3face-config.cc
+++ b/libretroshare/src/rsserver/p3face-config.cc
@ -30,6 +30,7 @@
 #include <iostream>
 #include <sstream>
 #include "pqi/authssl.h"
 #include "pqi/authgpg.h"
 #include "util/rsdebug.h"
 const int p3facemsgzone = 11453;
@ -104,7 +105,7 @@ int RsServer::UpdateAllConfig()
 	RsConfig &config = iface.mConfig;
        config.ownId = AuthSSL::getAuthSSL()->OwnId();
-        config.ownName = AuthSSL::getAuthSSL()->getName(config.ownId);
+        config.ownName = AuthGPG::getAuthGPG()->getGPGOwnName();
 	peerConnectState pstate;
        mConnMgr->getOwnNetStatus(pstate);
@ -157,7 +158,7 @@ void    RsServer::ConfigFinalSave()
 	/* force saving of transfers TODO */
 	//ftserver->saveFileTransferStatus();
-        AuthSSL::getAuthSSL()->FinalSaveCertificates();
+        //AuthSSL::getAuthSSL()->FinalSaveCertificates();
 	mConfigMgr->completeConfiguration();
 }
--- a/libretroshare/src/rsserver/p3face-server.cc
+++ b/libretroshare/src/rsserver/p3face-server.cc
@ -245,7 +245,7 @@ void 	RsServer::run()
 				//ftserver->saveFileTransferStatus();
 				/* see if we need to resave certs */
-                                AuthSSL::getAuthSSL()->CheckSaveCertificates();
+                                //AuthSSL::getAuthSSL()->CheckSaveCertificates();
 				/* hour loop */
 				if (++min >= 60)
--- a/libretroshare/src/rsserver/p3msgs.cc
+++ b/libretroshare/src/rsserver/p3msgs.cc
@ -42,7 +42,7 @@ const int p3facemsgzone = 11453;
 #include "services/p3msgservice.h"
 #include "services/p3chatservice.h"
-#include "pqi/authssl.h"
+#include "pqi/authgpg.h"
 /* external reference point */
 RsMsgs *rsMsgs = NULL;
@ -156,7 +156,7 @@ bool	p3Msgs::getNewChat(std::list<ChatInfo> &chats)
 void p3Msgs::initRsChatInfo(RsChatMsgItem *c, ChatInfo &i)
 {
 	i.rsid = c -> PeerId();
-        i.name = AuthSSL::getAuthSSL()->getName(i.rsid);
+        i.name = rsPeers->getPeerName(c -> PeerId());
 	i.chatflags = 0 ;
 	i.msg  = c -> message;
--- a/libretroshare/src/rsserver/p3peers.cc
+++ b/libretroshare/src/rsserver/p3peers.cc
@ -62,7 +62,6 @@ std::string RsPeerTrustString(uint32_t trustLvl)
 	std::string str;
 #ifdef RS_USE_PGPSSL
 	switch(trustLvl)
 	{
 		default:
@ -86,21 +85,6 @@ std::string RsPeerTrustString(uint32_t trustLvl)
 			break;
 	}
 	return str;
 #endif
 	if (trustLvl == RS_TRUST_LVL_GOOD)
 	{
 		str = "Good";
 	}
 	else if (trustLvl == RS_TRUST_LVL_MARGINAL)
 	{
 		str = "Marginal";
 	}
 	else 
 	{
 		str = "No Trust";
 	}
 	return str;
 }
@ -230,17 +214,17 @@ bool	p3Peers::getFriendList(std::list<std::string> &ids)
 	return true;
 }
-bool	p3Peers::getOthersList(std::list<std::string> &ids)
+//bool	p3Peers::getOthersList(std::list<std::string> &ids)
-{
+//{
-#ifdef P3PEERS_DEBUG
+//#ifdef P3PEERS_DEBUG
-	std::cerr << "p3Peers::getOthersList()";
+//	std::cerr << "p3Peers::getOthersList()";
-	std::cerr << std::endl;
+//	std::cerr << std::endl;
-#endif
+//#endif
-
+//
-	/* get from mAuthMgr */
+//	/* get from mAuthMgr */
-        AuthSSL::getAuthSSL()->getAllList(ids);
+//        AuthSSL::getAuthSSL()->getAllList(ids);
-	return true;
+//	return true;
-}
+//}
 bool    p3Peers::isOnline(std::string id)
 {
@ -295,65 +279,36 @@ bool	p3Peers::getPeerDetails(std::string id, RsPeerDetails &d)
        std::cerr << "p3Peers::getPeerDetails() called for id : " << id << std::endl;
        #endif
        //first, check if it's a gpg or a ssl id.
-        if (AuthSSL::getAuthSSL()->getGPGId(id) == "") {
+        peerConnectState pcs;
-            //assume is not SSL, because every ssl_id has got a pgp_id
+        if (id != AuthSSL::getAuthSSL()->OwnId() && !mConnMgr->getFriendNetStatus(id, pcs)) {
            //assume is not SSL, because every ssl_id has got a friend correspondance in mConnMgr
            #ifdef P3PEERS_DEBUG
            std::cerr << "p3Peers::getPeerDetails() got a gpg id and is returning GPG details only for id : " << id << std::endl;
            #endif
            d.isOnlyGPGdetail = true;
-            return this->getPGPDetails(id, d);
+            return this->getGPGDetails(id, d);
        }
        #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getPeerDetails() got a SSL id and is returning SSL and GPG details for id : " << id << std::endl;
        #endif
        /* get from gpg (first), to fill in the sign and trust details */
        /* don't retrun now, we've got fill in the ssl and connection info */
        this->getPGPDetails(AuthSSL::getAuthSSL()->getGPGId(id), d);
        d.isOnlyGPGdetail = false;
        //get the ssl details
        sslcert authDetail;
        if (!AuthSSL::getAuthSSL()->getCertDetails(id, authDetail)) {
                #ifdef P3PEERS_DEBUG
                std::cerr << "p3Peers::getPeerDetails() got no SSL details, is returning." << std::endl;
                #endif
                return false;
 	}
        d.fpr		= authDetail.fpr;
        d.id 		= authDetail.id;
        //d.name 		= authDetail.name;
        //d.email 	= authDetail.email;
        d.location 	= authDetail.location;
        d.org 		= authDetail.org;
        d.issuer 	= authDetail.issuer;
 	/* generate */
 	d.authcode  	= "AUTHCODE";
 	/* get from mConnectMgr */
 	peerConnectState pcs;
        if (id == AuthSSL::getAuthSSL()->OwnId())
        {
                mConnMgr->getOwnNetStatus(pcs);
        }
 	else if (!mConnMgr->getFriendNetStatus(id, pcs))
 	{
 		if (!mConnMgr->getOthersNetStatus(id, pcs))
 		{
 			/* fill in blank data */
 			d.localPort = 0;
 			d.extPort = 0;
 			d.lastConnect = 0;
 			d.connectPeriod = 0;
 			d.state = 0;
 			d.netMode = 0;
-			return true;
+        /* get from gpg (first), to fill in the sign and trust details */
-		}
+        /* don't retrun now, we've got fill in the ssl and connection info */
-	}
+        this->getGPGDetails(pcs.gpg_id, d);
        d.isOnlyGPGdetail = false;
        //get the ssl details
        d.id 		= id;
        d.location 	= pcs.location;
 	/* generate */
 	d.authcode  	= "AUTHCODE";
 	//TODO : check use of this details
 	// From all addresses, show the most recent one if no address is currently in use.
@ -476,24 +431,53 @@ bool	p3Peers::getPeerDetails(std::string id, RsPeerDetails &d)
 }
-std::string p3Peers::getPeerPGPName(std::string id)
+std::string p3Peers::getGPGName(std::string gpg_id)
 {
 	/* get from mAuthMgr as it should have more peers? */
-        return AuthSSL::getAuthSSL()->getIssuerName(id);
+        return AuthGPG::getAuthGPG()->getGPGName(gpg_id);
 }
-std::string p3Peers::getPeerName(std::string id)
+bool p3Peers::isGPGAccepted(std::string gpg_id_is_friend)
 {
 #ifdef P3PEERS_DEBUG
 	std::cerr << "p3Peers::getPeerName() " << id;
 	std::cerr << std::endl;
 #endif
        /* get from mAuthMgr as it should have more peers? */
-        return AuthSSL::getAuthSSL()->getName(id);
+        return AuthGPG::getAuthGPG()->isGPGAccepted(gpg_id_is_friend);
 }
-bool	p3Peers::getPGPAllList(std::list<std::string> &ids)
+std::string p3Peers::getPeerName(std::string ssl_or_gpg_id)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getPeerName() " << ssl_or_gpg_id;
 	std::cerr << std::endl;
 #endif
        std::string name;
        if (ssl_or_gpg_id == AuthSSL::getAuthSSL()->OwnId()) {
            return AuthGPG::getAuthGPG()->getGPGOwnName();
        }
        peerConnectState pcs;
        if (mConnMgr->getFriendNetStatus(ssl_or_gpg_id, pcs)) {
    #ifdef P3PEERS_DEBUG
            std::cerr << "p3Peers::getPeerName() got a ssl id. Name is : " << pcs.name;
            std::cerr << std::endl;
    #endif
           return pcs.name;
        }
        return AuthGPG::getAuthGPG()->getGPGName(ssl_or_gpg_id);
 }
 bool	p3Peers::getGPGAllList(std::list<std::string> &ids)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getGPGAllList()";
        std::cerr << std::endl;
 #endif
        /* get from mAuthMgr */
        AuthGPG::getAuthGPG()->getGPGAllList(ids);
        return true;
 }
 bool	p3Peers::getGPGValidList(std::list<std::string> &ids)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getPGPOthersList()";
@ -501,11 +485,11 @@ bool	p3Peers::getPGPAllList(std::list<std::string> &ids)
 #endif
        /* get from mAuthMgr */
-        AuthGPG::getAuthGPG()->getPGPAllList(ids);
+        AuthGPG::getAuthGPG()->getGPGValidList(ids);
        return true;
 }
-bool	p3Peers::getPGPValidList(std::list<std::string> &ids)
+bool	p3Peers::getGPGSignedList(std::list<std::string> &ids)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getPGPOthersList()";
@ -513,23 +497,11 @@ bool	p3Peers::getPGPValidList(std::list<std::string> &ids)
 #endif
        /* get from mAuthMgr */
-        AuthGPG::getAuthGPG()->getPGPValidList(ids);
+        AuthGPG::getAuthGPG()->getGPGSignedList(ids);
        return true;
 }
-bool	p3Peers::getPGPSignedList(std::list<std::string> &ids)
+bool	p3Peers::getGPGAcceptedList(std::list<std::string> &ids)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getPGPOthersList()";
        std::cerr << std::endl;
 #endif
        /* get from mAuthMgr */
        AuthGPG::getAuthGPG()->getPGPSignedList(ids);
        return true;
 }
 bool	p3Peers::getPGPAcceptedList(std::list<std::string> &ids)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getPGPOthersList()";
@ -537,7 +509,7 @@ bool	p3Peers::getPGPAcceptedList(std::list<std::string> &ids)
 #endif
        //TODO implement an additional list of GPG keys that are accepted even if not signed
-        AuthGPG::getAuthGPG()->getPGPSignedList(ids);
+        AuthGPG::getAuthGPG()->getGPGAcceptedList(ids);
        return true;
 }
@ -547,11 +519,28 @@ bool	p3Peers::getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string>
        std::cerr << "p3Peers::getSSLChildListOfGPGId() for id : " << gpg_id;
        std::cerr << std::endl;
 #endif
-
+        ids.clear();
-        return AuthSSL::getAuthSSL()->getSSLChildListOfGPGId(gpg_id, ids);;
+        if (gpg_id == "" ) {
            return false;
        }
        //let's roll throush the friends
        std::list<std::string> friendsIds;
        mConnMgr->getFriendList(friendsIds);
        peerConnectState pcs;
        for (std::list<std::string>::iterator it = friendsIds.begin(); it != friendsIds.end(); it++) {
            mConnMgr->getFriendNetStatus(*it, pcs);
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getSSLChildListOfGPGId() iterating over friends status :id : " << gpg_id;
        std::cerr << std::endl;
 #endif
            if (mConnMgr->getFriendNetStatus(*it, pcs) && pcs.gpg_id == gpg_id) {
                ids.push_back(pcs.id);
            }
        }
        return true;
 }
-bool	p3Peers::getPGPDetails(std::string id, RsPeerDetails &d)
+bool	p3Peers::getGPGDetails(std::string id, RsPeerDetails &d)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getPgpDetails() called for id : " << id;
@ -559,10 +548,10 @@ bool	p3Peers::getPGPDetails(std::string id, RsPeerDetails &d)
 #endif
        /* get from mAuthMgr */
-        return AuthGPG::getAuthGPG()->getPGPDetails(id, d);
+        return AuthGPG::getAuthGPG()->getGPGDetails(id, d);
 }
-std::string p3Peers::getPGPOwnId()
+std::string p3Peers::getGPGOwnId()
 {
 #ifdef P3PEERS_DEBUG
 	std::cerr << "p3Peers::getPGPOwnId()";
@ -570,10 +559,10 @@ std::string p3Peers::getPGPOwnId()
 #endif
 	/* get from mAuthMgr */
-        return AuthGPG::getAuthGPG()->PGPOwnId();
+        return AuthGPG::getAuthGPG()->getGPGOwnId();
 }
-std::string p3Peers::getPGPId(std::string ssl_id)
+std::string p3Peers::getGPGId(std::string ssl_id)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::getPGPId()";
@ -581,20 +570,39 @@ std::string p3Peers::getPGPId(std::string ssl_id)
 #endif
        /* get from mAuthMgr */
-        return AuthSSL::getAuthSSL()->getGPGId(ssl_id);
+        if (ssl_id == AuthSSL::getAuthSSL()->OwnId()) {
            return AuthGPG::getAuthGPG()->getGPGOwnId();
        }
        peerConnectState pcs;
        if (mConnMgr->getFriendNetStatus(ssl_id, pcs)) {
            return pcs.gpg_id;
        } else {
            return "";
        }
 }
 	/* Add/Remove Friends */
-bool 	p3Peers::addFriend(std::string id)
+bool 	p3Peers::addFriend(std::string id, std::string gpg_id)
 {
 #ifdef P3PEERS_DEBUG
-	std::cerr << "p3Peers::addFriend() " << id;
+        std::cerr << "p3Peers::addFriend() with : id : " << id << "; gpg_id : " << gpg_id << std::endl;
-	std::cerr << std::endl;
+#endif
        if (id == gpg_id) {
            return addDummyFriend(gpg_id);
        } else {
            return mConnMgr->addFriend(id, gpg_id);
        }
 }
 bool 	p3Peers::addDummyFriend(std::string gpg_id)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::addDummyFriend() not implemented yet" << std::endl;
 #endif
-	return mConnMgr->addFriend(id);
+        return false;
 }
 bool 	p3Peers::removeFriend(std::string id)
@ -670,6 +678,15 @@ bool 	p3Peers::setLocalAddress(std::string id, std::string addr_str, uint16_t po
 	return false;
 }
 bool 	p3Peers::setLocation(std::string ssl_id, std::string location)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::setLocation() " << ssl_id;
        std::cerr << std::endl;
 #endif
        return mConnMgr->setLocation(ssl_id, location);
 }
 bool 	p3Peers::setExtAddress(std::string id, std::string addr_str, uint16_t port)
 {
 #ifdef P3PEERS_DEBUG
@ -759,10 +776,10 @@ p3Peers::GetRetroshareInvite()
 	std::cerr << std::endl;
        std::string ownId = AuthSSL::getAuthSSL()->OwnId();
-        std::string certstr = AuthSSL::getAuthSSL()->SaveCertificateToString(ownId);
+        std::string certstr = AuthSSL::getAuthSSL()->SaveOwnCertificateToString();
-        std::string name = AuthSSL::getAuthSSL()->getName(ownId);
+        std::string name = AuthGPG::getAuthGPG()->getGPGOwnName();
-        std::string pgpownId = AuthGPG::getAuthGPG()->PGPOwnId();
+        std::string pgpownId = AuthGPG::getAuthGPG()->getGPGOwnId();
        std::string pgpcertstr = AuthGPG::getAuthGPG()->SaveCertificateToString(pgpownId);
 	std::cerr << "p3Peers::GetRetroshareInvite() SSL Cert:";
@ -785,14 +802,14 @@ p3Peers::GetRetroshareInvite()
 //===========================================================================
-bool 	p3Peers::LoadCertificateFromFile(std::string fname, std::string &id)
+bool 	p3Peers::loadCertificateFromFile(std::string fname, std::string &id, std::string &gpg_id)
 {
 #ifdef P3PEERS_DEBUG
-	std::cerr << "p3Peers::LoadCertificateFromFile() ";
+        std::cerr << "p3Peers::LoadCertificateFromFile() not implemented yet";
 	std::cerr << std::endl;
 #endif
-        return AuthSSL::getAuthSSL()->LoadCertificateFromFile(fname, id);
+        return false;
 }
@ -840,7 +857,7 @@ bool splitCerts(std::string in, std::string &sslcert, std::string &pgpcert)
-bool 	p3Peers::LoadCertificateFromString(std::string cert, std::string &id)
+bool 	p3Peers::loadDetailsFromStringCert(std::string cert, RsPeerDetails &pd)
 {
 #ifdef P3PEERS_DEBUG
 	std::cerr << "p3Peers::LoadCertificateFromString() ";
@ -849,76 +866,112 @@ bool 	p3Peers::LoadCertificateFromString(std::string cert, std::string &id)
 	std::string sslcert;
 	std::string pgpcert;
-	bool ret = false;
+        bool retGPG = false;
-	if (splitCerts(cert, sslcert, pgpcert))
+        bool retSSL = false;
-	{
+        std::string gpg_id_from_gpg_cert;
-		if (pgpcert != "")
+        std::string gpg_id_from_ssl_cert;
-		{
+        splitCerts(cert, sslcert, pgpcert);
-			std::cerr << "pgpcert .... " << std::endl;
+
        if (pgpcert != "") {
            std::cerr << "p3Peers::LoadDetailsFromStringCert() pgpcert .... " << std::endl;
            std::cerr << pgpcert << std::endl;
-
+            std::string gpg_id;
-                        ret = AuthGPG::getAuthGPG()->LoadCertificateFromString(pgpcert);
+            AuthGPG::getAuthGPG()->LoadCertificateFromString(pgpcert, gpg_id);
            retGPG = AuthGPG::getAuthGPG()->getGPGDetails(gpg_id, pd);
            gpg_id_from_gpg_cert = pd.gpg_id;
        }
-		if (sslcert != "")
+        if (sslcert != "") {
-		{
+            std::cerr << "p3Peers::LoadDetailsFromStringCert() sslcert .... " << std::endl;
 			std::cerr << "sslcert .... " << std::endl;
            std::cerr << sslcert << std::endl;
-
+            retSSL = AuthSSL::getAuthSSL()->LoadDetailsFromStringCert(sslcert, pd);
-                        ret = AuthSSL::getAuthSSL()->LoadCertificateFromString(sslcert, id);
+            gpg_id_from_ssl_cert = pd.gpg_id;
 		}
        }
-	return ret;
+        if (retGPG && retSSL) {
            //check that the ssl_id and gpg_id are corresponding
            if (gpg_id_from_gpg_cert != gpg_id_from_ssl_cert) {
                std::cerr << "p3Peers::LoadDetailsFromStringCert() gpgCert and slCert are not corresponding. Load failed." << std::endl;
                return false;
            }
        }
        return retGPG || retSSL;
 }
-bool 	p3Peers::SaveCertificateToFile(std::string id, std::string fname)
+bool 	p3Peers::saveCertificateToFile(std::string id, std::string fname)
 {
 #ifdef P3PEERS_DEBUG
-	std::cerr << "p3Peers::SaveCertificateToFile() " << id;
+        std::cerr << "p3Peers::SaveCertificateToFile() not implemented yet " << id;
 	std::cerr << std::endl;
 #endif
-	ensureExtension(fname, "pqi");
+//	ensureExtension(fname, "pqi");
-
+//
-        return AuthSSL::getAuthSSL()->SaveCertificateToFile(id, fname);
+//        return AuthSSL::getAuthSSL()->SaveCertificateToFile(id, fname);
        return false;
 }
-std::string p3Peers::SaveCertificateToString(std::string id)
+std::string p3Peers::saveCertificateToString(std::string id)
 {
 #ifdef P3PEERS_DEBUG
 	std::cerr << "p3Peers::SaveCertificateToString() " << id;
 	std::cerr << std::endl;
 #endif
-
+        if (id == AuthSSL::getAuthSSL()->OwnId()) {
-        return AuthSSL::getAuthSSL()->SaveCertificateToString(id);
+            return AuthSSL::getAuthSSL()->SaveOwnCertificateToString();
        } else {
            return "";
        }
 }
-bool 	p3Peers::SignGPGCertificate(std::string id)
+bool 	p3Peers::signGPGCertificate(std::string id)
 {
 #ifdef P3PEERS_DEBUG
 	std::cerr << "p3Peers::SignCertificate() " << id;
 	std::cerr << std::endl;
 #endif
-        return AuthGPG::getAuthGPG()->SignCertificateLevel0(id);
+        if (AuthGPG::getAuthGPG()->SignCertificateLevel0(id)) {
            //by default, set the GPG to accept connection
            AuthGPG::getAuthGPG()->setAcceptToConnectGPGCertificate(id, true);
            return true;
        }
        return false;
 }
-bool 	p3Peers::TrustGPGCertificate(std::string id, uint32_t trustlvl)
+bool 	p3Peers::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
 {
 #ifdef P3PEERS_DEBUG
        std::cerr << "p3Peers::setAcceptToConnectGPGCertificate() called with gpg_id : " << gpg_id << ", acceptance : " << acceptance << std::endl;
 #endif
        if (gpg_id != "" && acceptance == false) {
            //remove the friends from the connect manager
            std::list<std::string> sslFriends;
            this->getSSLChildListOfGPGId(gpg_id, sslFriends);
            for (std::list<std::string>::iterator it = sslFriends.begin(); it != sslFriends.end(); it++) {
                mConnMgr->removeFriend(*it);
            }
            return AuthGPG::getAuthGPG()->setAcceptToConnectGPGCertificate(gpg_id, acceptance);
        }
        return AuthGPG::getAuthGPG()->setAcceptToConnectGPGCertificate(gpg_id, acceptance);
 }
 bool 	p3Peers::trustGPGCertificate(std::string id, uint32_t trustlvl)
 {
 #ifdef P3PEERS_DEBUG
 	std::cerr << "p3Peers::TrustCertificate() " << id;
 	std::cerr << std::endl;
 #endif
        //check if we've got a ssl or gpg id
-        if (AuthSSL::getAuthSSL()->getGPGId(id) == "") {
+        if (getGPGId(id) == "") {
            //if no result then it must be a gpg id
            return AuthGPG::getAuthGPG()->TrustCertificate(id, trustlvl);
        } else {
-            return AuthGPG::getAuthGPG()->TrustCertificate(AuthSSL::getAuthSSL()->getGPGId(id), trustlvl);
+            return AuthGPG::getAuthGPG()->TrustCertificate(getGPGId(id), trustlvl);
        }
 }
@ -1015,39 +1068,3 @@ std::ostream &operator<<(std::ostream &out, const RsPeerDetails &detail)
 	return out;
 }
 /********** TRANSLATION ****/
 uint32_t RsPeerTranslateTrust(uint32_t trustLvl)
 {
 /**************** PQI_USE_XPGP ******************/
 #if defined(PQI_USE_XPGP)
 	switch(trustLvl)
 	{
 		case TRUST_SIGN_OWN:
 		case TRUST_SIGN_TRSTED:
 		case TRUST_SIGN_AUTHEN:
 			return RS_TRUST_LVL_GOOD;
 			break;
 		case TRUST_SIGN_BASIC:
 			return RS_TRUST_LVL_MARGINAL;
 			break;
 		case TRUST_SIGN_UNTRUSTED:
 		case TRUST_SIGN_UNKNOWN:
 		case TRUST_SIGN_NONE:
 		default:
 			return RS_TRUST_LVL_UNKNOWN;
 			break;
 	}
 #else /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 #endif /* X509 Certificates */
 /**************** PQI_USE_XPGP ******************/
 	return RS_TRUST_LVL_UNKNOWN;
 }
--- a/libretroshare/src/rsserver/p3peers.h
+++ b/libretroshare/src/rsserver/p3peers.h
@ -45,30 +45,33 @@ virtual std::string getOwnId();
 virtual bool	getOnlineList(std::list<std::string> &ids);
 virtual bool	getFriendList(std::list<std::string> &ids);
-virtual bool	getOthersList(std::list<std::string> &ids);
+//virtual bool	getOthersList(std::list<std::string> &ids);
 virtual bool    isOnline(std::string id);
 virtual bool    isFriend(std::string id);
-virtual std::string getPeerPGPName(std::string pgp_id);
+virtual bool    isGPGAccepted(std::string gpg_id_is_friend); //
-virtual std::string getPeerName(std::string id);
+virtual std::string getGPGName(std::string gpg_id);
 virtual std::string getPeerName(std::string ssl_or_gpg_id);
 virtual bool	getPeerDetails(std::string id, RsPeerDetails &d);
                /* Using PGP Ids */
-virtual std::string getPGPOwnId();
+virtual std::string getGPGOwnId();
-virtual std::string getPGPId(std::string ssl_id);
+virtual std::string getGPGId(std::string ssl_id);
-virtual bool    getPGPAcceptedList(std::list<std::string> &ids);
+virtual bool    getGPGAcceptedList(std::list<std::string> &ids);
-virtual bool    getPGPSignedList(std::list<std::string> &ids);
+virtual bool    getGPGSignedList(std::list<std::string> &ids);
-virtual bool    getPGPValidList(std::list<std::string> &ids);
+virtual bool    getGPGValidList(std::list<std::string> &ids);
-virtual bool    getPGPAllList(std::list<std::string> &ids);
+virtual bool    getGPGAllList(std::list<std::string> &ids);
-virtual bool	getPGPDetails(std::string id, RsPeerDetails &d);
+virtual bool	getGPGDetails(std::string id, RsPeerDetails &d);
 virtual bool    getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
 	/* Add/Remove Friends */
-virtual	bool addFriend(std::string id);
+virtual	bool addFriend(std::string ssl_id, std::string gpg_id);
-virtual	bool removeFriend(std::string id);
+virtual	bool addDummyFriend(std::string gpg_id); //we want to add a empty ssl friend for this gpg id
 virtual	bool removeFriend(std::string ssl_id);
 	/* Network Stuff */
 virtual	bool connectAttempt(std::string id);
 virtual bool setLocation(std::string ssl_id, std::string location);//location is shown in the gui to differentiate ssl certs
 virtual	bool setLocalAddress(std::string id, std::string addr, uint16_t port);
 virtual	bool setExtAddress(std::string id, std::string addr, uint16_t port);
 virtual	bool setNetworkMode(std::string id, uint32_t netMode);
@ -83,13 +86,14 @@ virtual bool getAllowTunnelConnection() ;
 	/* Auth Stuff */
 virtual	std::string GetRetroshareInvite();
-virtual	bool LoadCertificateFromFile(std::string fname, std::string &id);
+virtual	bool loadCertificateFromFile(std::string fname, std::string &id, std::string &gpg_id);
-virtual	bool LoadCertificateFromString(std::string cert, std::string &id);
+virtual	bool loadDetailsFromStringCert(std::string cert, RsPeerDetails &pd);
-virtual	bool SaveCertificateToFile(std::string id, std::string fname);
+virtual	bool saveCertificateToFile(std::string id, std::string fname);
-virtual	std::string SaveCertificateToString(std::string id);
+virtual	std::string saveCertificateToString(std::string id);
-virtual	bool SignGPGCertificate(std::string id);
+virtual	bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance);
-virtual	bool TrustGPGCertificate(std::string id, uint32_t trustlvl);
+virtual	bool signGPGCertificate(std::string id);
 virtual	bool trustGPGCertificate(std::string id, uint32_t trustlvl);
 	private:
--- a/libretroshare/src/rsserver/rsinit.cc
+++ b/libretroshare/src/rsserver/rsinit.cc
@ -765,7 +765,7 @@ static bool checkAccount(std::string accountdir, accountId &id)
                /* Generating GPGme Account */
 int      RsInit::GetPGPLogins(std::list<std::string> &pgpIds) {
-        AuthGPG::getAuthGPG()->availablePGPCertificatesWithPrivateKeys(pgpIds);
+        AuthGPG::getAuthGPG()->availableGPGCertificatesWithPrivateKeys(pgpIds);
 	return 1;
 }
@ -774,8 +774,8 @@ int      RsInit::GetPGPLoginDetails(std::string id, std::string &name, std::stri
        std::cerr << "RsInit::GetPGPLoginDetails for \"" << id << "\"";
        std::cerr << std::endl;
-        name = AuthGPG::getAuthGPG()->getPGPName(id);
+        name = AuthGPG::getAuthGPG()->getGPGName(id);
-        email = AuthGPG::getAuthGPG()->getPGPEmail(id);
+        email = AuthGPG::getAuthGPG()->getGPGEmail(id);
        if (name != "") {
            return 1;
        } else {
@ -1875,7 +1875,7 @@ int RsServer::StartupRetroShare()
        AuthSSL::getAuthSSL() -> setConfigDirectories(certConfigFile, certNeighDir);
-        AuthSSL::getAuthSSL() -> loadCertificates();
+        //AuthSSL::getAuthSSL() -> loadCertificates();
 	/**************************************************************************/
 	/* setup classes / structures */
@ -1888,11 +1888,11 @@ int RsServer::StartupRetroShare()
        mConnMgr = new p3ConnectMgr();
        AuthSSL::getAuthSSL()->mConnMgr = mConnMgr;
        //load all the SSL certs as friends
-        std::list<std::string> sslIds;
+//        std::list<std::string> sslIds;
-        AuthSSL::getAuthSSL()->getAuthenticatedList(sslIds);
+//        AuthSSL::getAuthSSL()->getAuthenticatedList(sslIds);
-        for (std::list<std::string>::iterator sslIdsIt = sslIds.begin(); sslIdsIt != sslIds.end(); sslIdsIt++) {
+//        for (std::list<std::string>::iterator sslIdsIt = sslIds.begin(); sslIdsIt != sslIds.end(); sslIdsIt++) {
-            mConnMgr->addFriend(*sslIdsIt);
+//            mConnMgr->addFriend(*sslIdsIt);
-        }
+//        }
 	pqiNetAssistFirewall *mUpnpMgr = new upnphandler();
        //p3DhtMgr  *mDhtMgr  = new OpenDHTMgr(ownId, mConnMgr, RsInitConfig::configDir);
--- a/libretroshare/src/serialiser/rsconfigitems.cc
+++ b/libretroshare/src/serialiser/rsconfigitems.cc
@ -729,6 +729,8 @@ RsPeerNetItem::~RsPeerNetItem()
 void RsPeerNetItem::clear()
 {
 	pid.clear();
        gpg_id.clear();
        location.clear();
 	netMode = 0;
 	visState = 0;
 	lastContact = 0;
@ -745,6 +747,12 @@ std::ostream &RsPeerNetItem::print(std::ostream &out, uint16_t indent)
 	printIndent(out, int_Indent);
    	out << "PeerId: " << pid << std::endl; 
        printIndent(out, int_Indent);
        out << "GPGid: " << gpg_id << std::endl;
        printIndent(out, int_Indent);
        out << "location: " << location << std::endl;
    	printIndent(out, int_Indent);
 	out << "netMode: " << netMode << std::endl;
@ -772,6 +780,8 @@ uint32_t RsPeerConfigSerialiser::sizeNet(RsPeerNetItem *i)
 {	
 	uint32_t s = 8; /* header */
 	s += GetTlvStringSize(i->pid); /* peerid */ 
        s += GetTlvStringSize(i->gpg_id);
        s += GetTlvStringSize(i->location);
        s += 4; /* netMode */
 	s += 4; /* visState */
 	s += 4; /* lastContact */
@ -813,6 +823,8 @@ bool RsPeerConfigSerialiser::serialiseNet(RsPeerNetItem *item, void *data, uint3
 	/* add mandatory parts first */
        ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_PEERID, item->pid); /* Mandatory */
        ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_GPGID, item->gpg_id); /* Mandatory */
        ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_LOCATION, item->location); /* Mandatory */
        ok &= setRawUInt32(data, tlvsize, &offset, item->netMode); /* Mandatory */
 	ok &= setRawUInt32(data, tlvsize, &offset, item->visState); /* Mandatory */
 	ok &= setRawUInt32(data, tlvsize, &offset, item->lastContact); /* Mandatory */
@ -871,6 +883,8 @@ RsPeerNetItem *RsPeerConfigSerialiser::deserialiseNet(void *data, uint32_t *size
 	/* get mandatory parts first */
        ok &= GetTlvString(data, rssize, &offset, TLV_TYPE_STR_PEERID, item->pid); /* Mandatory */
        ok &= GetTlvString(data, rssize, &offset, TLV_TYPE_STR_GPGID, item->gpg_id); /* Mandatory */
        ok &= GetTlvString(data, rssize, &offset, TLV_TYPE_STR_LOCATION, item->location); /* Mandatory */
        ok &= getRawUInt32(data, rssize, &offset, &(item->netMode)); /* Mandatory */
 	ok &= getRawUInt32(data, rssize, &offset, &(item->visState)); /* Mandatory */
 	ok &= getRawUInt32(data, rssize, &offset, &(item->lastContact)); /* Mandatory */
--- a/libretroshare/src/serialiser/rsconfigitems.h
+++ b/libretroshare/src/serialiser/rsconfigitems.h
@ -71,6 +71,8 @@ std::ostream &print(std::ostream &out, uint16_t indent = 0);
 	/* networking information */
 	std::string pid;                          /* Mandatory */
        std::string gpg_id;                          /* Mandatory */
        std::string location;                          /* not Mandatory */
        uint32_t    netMode;                      /* Mandatory */
 	uint32_t    visState;                     /* Mandatory */
 	uint32_t    lastContact;                  /* Mandatory */
--- a/libretroshare/src/serialiser/rsdiscitems.cc
+++ b/libretroshare/src/serialiser/rsdiscitems.cc
@ -369,7 +369,7 @@ void 	RsDiscReply::clear()
 	contact_tf = 0;
 	discFlags = 0;
 	aboutId.clear();
-	certDER.TlvClear();
+        certGPG.clear();
        ipAddressList.clear();
 }
@ -393,6 +393,12 @@ std::ostream &RsDiscReply::print(std::ostream &out, uint16_t indent)
        printIndent(out, int_Indent);
        out << "DiscFlags:  " << discFlags  << std::endl;
        printIndent(out, int_Indent);
        out << "AboutId:  " << aboutId  << std::endl;
        printIndent(out, int_Indent);
        out << "certGPG:  " << certGPG  << std::endl;
        printIndent(out, int_Indent);
        out << "IpAddressListSize:  " << ipAddressList.size()  << std::endl;
@ -403,10 +409,6 @@ std::ostream &RsDiscReply::print(std::ostream &out, uint16_t indent)
               out << inet_ntoa(ipListIt->ipAddr.sin_addr) << ":" << ntohs(ipListIt->ipAddr.sin_port) << " seenTime : " << ipListIt->seenTime << std::endl;
        }
        printIndent(out, int_Indent);
        out << "AboutId:  " << aboutId  << std::endl;
 	certDER.print(out, int_Indent);
        printRsItemEnd(out, "RsDiscReply", indent);
        return out;
 }
@ -420,7 +422,7 @@ uint32_t    RsDiscSerialiser::sizeReply(RsDiscReply *item)
 	s += 2; /* connect_tr */
 	s += 4; /* discFlags  */
 	s += GetTlvStringSize(item->aboutId);
-	s += item->certDER.TlvSize();
+        s += GetTlvStringSize(item->certGPG);
        s += 4; /* ipaddress list size  */
 	//add the size of the ip list
@ -462,7 +464,7 @@ bool     RsDiscSerialiser::serialiseReply(RsDiscReply *item, void *data, uint32_
 	ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_PEERID, item->aboutId);
-	ok &= item->certDER.SetTlv(data, tlvsize, &offset);
+        ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_CERT_GPG, item->certGPG);
        ok &= setRawUInt32(data, tlvsize, &offset, item->ipAddressList.size());
@ -533,7 +535,9 @@ RsDiscReply *RsDiscSerialiser::deserialiseReply(void *data, uint32_t *pktsize)
 	ok &= GetTlvString(data, rssize, &offset,
 					TLV_TYPE_STR_PEERID, item->aboutId);
-	ok &= item->certDER.GetTlv(data, rssize, &offset);
+
        ok &= GetTlvString(data, rssize, &offset,
                                        TLV_TYPE_STR_CERT_GPG, item->certGPG);
        uint32_t listSize;
        ok &= getRawUInt32(data, rssize, &offset, &listSize);
--- a/libretroshare/src/serialiser/rsdiscitems.h
+++ b/libretroshare/src/serialiser/rsdiscitems.h
@ -77,8 +77,7 @@ class RsDiscReply: public RsDiscItem
 	public:
 	RsDiscReply()
-	:RsDiscItem(RS_PKT_SUBTYPE_DISC_REPLY),
+        :RsDiscItem(RS_PKT_SUBTYPE_DISC_REPLY)
 	certDER(TLV_TYPE_CERT_XPGP_DER)
 	{ return; }
 virtual ~RsDiscReply();
@ -99,7 +98,7 @@ virtual std::ostream &print(std::ostream &out, uint16_t indent = 0);
 	uint32_t discFlags;
 	std::string aboutId;
-	RsTlvBinaryData certDER;
+        std::string certGPG;
 };
 class RsDiscIssuer: public RsDiscItem
--- a/libretroshare/src/serialiser/rstlvbase.h
+++ b/libretroshare/src/serialiser/rstlvbase.h
@ -130,6 +130,9 @@ const uint16_t TLV_TYPE_STR_MSG       = 0x0057;
 const uint16_t TLV_TYPE_STR_SUBJECT   = 0x0058;
 const uint16_t TLV_TYPE_STR_LINK      = 0x0059;
 const uint16_t TLV_TYPE_STR_GENID     = 0x005a;
 const uint16_t TLV_TYPE_STR_GPGID     = 0x005b;
 const uint16_t TLV_TYPE_STR_LOCATION  = 0x005c;
 const uint16_t TLV_TYPE_STR_CERT_GPG  = 0x005d;
 /* Wide Chars (4 bytes per char) for internationalisation */
 const uint16_t TLV_TYPE_WSTR_PEERID   = 0x0060;
--- a/libretroshare/src/services/p3disc.cc
+++ b/libretroshare/src/services/p3disc.cc
@ -492,45 +492,9 @@ void p3disc::sendPeerDetails(std::string to, std::string about)
 		di->discFlags |= P3DISC_FLAGS_PEER_ONLINE;
 	}
 	// Add 3rd party trust info
 	// We look at peers that trust 'to', by looking into 'to''s tigners list. The problem is that
 	// signers are accessible through their names instead of their id, so there is ambiguity if too peers
 	// have the same names. @DrBob: that would be cool to save signers using their ids...
 	//
 	RsPeerDetails pd ;
 	std::string name = rsPeers->getPeerName(about) ;
 	if(rsPeers->getPeerDetails(to,pd))
                for(std::list<std::string>::const_iterator it(pd.gpgSigners.begin());it!=pd.gpgSigners.end();++it)
 			if(*it == name)
 			{
 				di->discFlags |= P3DISC_FLAGS_PEER_TRUSTS_ME;
 #ifdef P3DISC_DEBUG
 				std::cerr << "   Peer " << about << "(" << name << ")" << " is trusting " << to << ", sending info." << std::endl ;
 #endif
 			}
 	uint32_t certLen = 0;
-	unsigned char **binptr = (unsigned char **) &(di -> certDER.bin_data);
+        di -> certGPG = AuthGPG::getAuthGPG()->SaveCertificateToString(about);
        AuthSSL::getAuthSSL()->SaveCertificateToBinary(about, binptr, &certLen);
 #ifdef P3DISC_DEBUG
 	std::cerr << "Saved certificate to binary in p3discReply. Length=" << certLen << std::endl ;
 #endif
 	if (certLen > 0)
 	{
 		di -> certDER.bin_len = certLen;
 #ifdef P3DISC_DEBUG
 		std::cerr << "Cert Encoded(" << certLen << ")" << std::endl;
 #endif
 	}
 	else
 	{
 #ifdef P3DISC_DEBUG
 		std::cerr << "Failed to Encode Cert" << std::endl;
 #endif
 		di -> certDER.bin_len = 0;
 	}
        // Send off message
 #ifdef P3DISC_DEBUG
@ -562,7 +526,7 @@ void p3disc::sendPeerIssuer(std::string to, std::string about)
 #endif
 	}
-        std::string aboutIssuerId = AuthSSL::getAuthSSL()->getGPGId(about);
+        std::string aboutIssuerId = rsPeers->getGPGId(about);
 	if (aboutIssuerId == "")
 	{
 		/* major error! */
@ -709,15 +673,6 @@ void p3disc::recvPeerFriendMsg(RsDiscReply *item)
 #endif
 	/* tells us their exact address (mConnectMgr can ignore if it looks wrong) */
 	/* load certificate */
 	std::string peerId;
 	uint8_t *certptr = (uint8_t *) item->certDER.bin_data;
 	uint32_t len = item->certDER.bin_len;
        bool loaded = AuthSSL::getAuthSSL()->LoadCertificateFromBinary(certptr, len, peerId);
 	uint32_t type = 0;
 	uint32_t flags = 0;
@ -727,7 +682,7 @@ void p3disc::recvPeerFriendMsg(RsDiscReply *item)
 	if (item->discFlags & P3DISC_FLAGS_PEER_ONLINE) flags |= RS_NET_FLAGS_ONLINE;
 	if (item->discFlags & P3DISC_FLAGS_PEER_TRUSTS_ME)
 	{
-		std::cerr << "  Found a peer that trust me: " << peerId << " (" << rsPeers->getPeerName(peerId) << ")" << std::endl ;
+                std::cerr << "  Found a peer that trust me: " << item->aboutId << " (" << rsPeers->getPeerName(item->aboutId) << ")" << std::endl ;
 		flags |= RS_NET_FLAGS_TRUSTS_ME;
 	}
@ -746,16 +701,16 @@ void p3disc::recvPeerFriendMsg(RsDiscReply *item)
 	}
 	/* only valid certs, and not ourselves */
-	if ((loaded) && (peerId != mConnMgr->getOwnId()))
+        if ((item->aboutId != mConnMgr->getOwnId()))
 	{
-		mConnMgr->peerStatus(peerId, item->currentladdr, item->currentsaddr, item->ipAddressList, type, flags, RS_CB_DISC);
+                mConnMgr->peerStatus(item->aboutId, item->currentladdr, item->currentsaddr, item->ipAddressList, type, flags, RS_CB_DISC);
-		std::string hashid1 = RsUtil::HashId(peerId, false);
+                std::string hashid1 = RsUtil::HashId(item->aboutId, false);
 		mConnMgr->stunStatus(hashid1, item->currentsaddr, type, RS_STUN_FRIEND_OF_FRIEND);
 	}
        /* send Own Ip list to connect manager. It will extract the external ip address from it */
-        if (peerId == mConnMgr->getOwnId())
+        if (item->aboutId == mConnMgr->getOwnId())
        {
                //setAddressList might also set our own external address
                mConnMgr->setAddressList(mConnMgr->getOwnId(), item->ipAddressList);
@ -778,7 +733,7 @@ void p3disc::recvPeerFriendMsg(RsDiscReply *item)
        }
-	addDiscoveryData(item->PeerId(), peerId, item->currentladdr, item->currentsaddr, item->discFlags, time(NULL));
+        addDiscoveryData(item->PeerId(), item->aboutId, item->currentladdr, item->currentsaddr, item->discFlags, time(NULL));
 	rsicontrol->getNotify().notifyListChange(NOTIFY_LIST_NEIGHBOURS, NOTIFY_TYPE_MOD);
@ -799,8 +754,8 @@ void p3disc::recvPeerIssuerMsg(RsDiscIssuer *item)
 	/* tells us their exact address (mConnectMgr can ignore if it looks wrong) */
 	/* load certificate */
-	std::string peerId;
+        std::string gpgId;
-        bool loaded = AuthGPG::getAuthGPG()->LoadCertificateFromString(item->issuerCert);
+        bool loaded = AuthGPG::getAuthGPG()->LoadCertificateFromString(item->issuerCert, gpgId);
 	/* cleanup (handled by caller) */
--- a/libretroshare/src/services/p3distrib.cc
+++ b/libretroshare/src/services/p3distrib.cc
@ -1732,7 +1732,7 @@ std::string	p3GroupDistrib::publishMsg(RsDistribMsg *msg, bool personalSign)
                if (AuthGPG::getAuthGPG()->SignDataBin(data, size, sigbuf, &siglen))
 		{
 			signedMsg->personalSignature.signData.setBinData(sigbuf, siglen);
-                        signedMsg->personalSignature.keyId = AuthGPG::getAuthGPG()->PGPOwnId();
+                        signedMsg->personalSignature.keyId = AuthGPG::getAuthGPG()->getGPGOwnId();
 		}
 	}
@ -2451,7 +2451,7 @@ bool 	p3GroupDistrib::locked_validateDistribSignedMsg(
 	std::cerr << std::endl;
 #endif
-        if (AuthGPG::getAuthGPG()->isPGPValid(newMsg->personalSignature.keyId))
+        if (AuthGPG::getAuthGPG()->isGPGValid(newMsg->personalSignature.keyId))
 	{
 #ifdef DISTRIB_DEBUG
 		std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Peer Known";
--- a/retroshare-gui/src/gui/NetworkDialog.cpp
+++ b/retroshare-gui/src/gui/NetworkDialog.cpp
@ -188,10 +188,10 @@ void NetworkDialog::connecttreeWidgetCostumPopupMenu( QPoint point )
                // That's what context menus are made for
 		RsPeerDetails detail;
-                if(!rsPeers->getPGPDetails(peer_id, detail))		// that is not suppose to fail.
+                if(!rsPeers->getGPGDetails(peer_id, detail))		// that is not suppose to fail.
 			return ;
-                if(peer_id != rsPeers->getPGPOwnId())
+                if(peer_id != rsPeers->getGPGOwnId())
 		{
                        if(detail.ownsign)
 			{
@ -217,7 +217,7 @@ void NetworkDialog::connecttreeWidgetCostumPopupMenu( QPoint point )
 #endif
 			}
 		}
-                if (  peer_id == rsPeers->getPGPOwnId())
+                if (  peer_id == rsPeers->getGPGOwnId())
 		{
 		    exportcertAct = new QAction(QIcon(IMAGE_EXPIORT), tr( "Export my Cert" ), this );
 		    connect( exportcertAct , SIGNAL( triggered() ), this, SLOT( on_actionExportKey_activated() ) );
@ -260,8 +260,8 @@ void NetworkDialog::makeFriend()
 	QTreeWidgetItem *wi = getCurrentNeighbour();
        std::string authId = wi->text(4).toStdString() ;
-        rsPeers->SignGPGCertificate(authId);
+        rsPeers->signGPGCertificate(authId);
-	rsPeers->addFriend(authId);
+        rsPeers->addDummyFriend(authId);
 	insertConnect() ;
 }
@ -348,9 +348,9 @@ void NetworkDialog::insertConnect()
        std::list<std::string> neighs; //these are GPG ids
 	std::list<std::string>::iterator it;
        if (ui.showUnvalidKeys->isChecked()) {
-            rsPeers->getPGPAllList(neighs);
+            rsPeers->getGPGAllList(neighs);
        } else {
-            rsPeers->getPGPValidList(neighs);
+            rsPeers->getGPGValidList(neighs);
        }
 	/* get a link to the table */
@ -364,17 +364,17 @@ void NetworkDialog::insertConnect()
 	}
        RsPeerDetails ownGPGDetails ;
-        rsPeers->getPGPDetails(rsPeers->getPGPOwnId(), ownGPGDetails);
+        rsPeers->getGPGDetails(rsPeers->getGPGOwnId(), ownGPGDetails);
        QList<QTreeWidgetItem *> items;
 	for(it = neighs.begin(); it != neighs.end(); it++)
 	{
-                if (*it == rsPeers->getPGPOwnId()) {
+                if (*it == rsPeers->getGPGOwnId()) {
                    continue;
                }
                RsPeerDetails detail;
-                if (!rsPeers->getPGPDetails(*it, detail))
+                if (!rsPeers->getGPGDetails(*it, detail))
                {
                        continue; /* BAD */
                }
@ -525,9 +525,10 @@ std::string NetworkDialog::loadneighbour()
 	std::string file = fileName.toStdString();
 	std::string id;
        std::string gpg_id;
 	if (file != "")
 	{
-        	rsPeers->LoadCertificateFromFile(file, id);
+                rsPeers->loadCertificateFromFile(file, id, gpg_id);
 	}
 	return id;
 }
@ -608,7 +609,7 @@ void NetworkDialog::on_actionExportKey_activated()
                                                QDir::homePath(),
                                                "RetroShare Certificate (*.pqi)");
-    if ( rsPeers->SaveCertificateToFile(rsPeers->getOwnId(), qdir.toStdString()) )
+    if ( rsPeers->saveCertificateToFile(rsPeers->getOwnId(), qdir.toStdString()) )
    {
        QMessageBox::information(this, tr("RetroShare"),
                         tr("Certificate file successfully created"),
--- a/retroshare-gui/src/gui/NetworkView.cpp
+++ b/retroshare-gui/src/gui/NetworkView.cpp
@ -149,8 +149,8 @@ void  NetworkView::insertPeers()
 	/* add all friends */
 	std::list<std::string> ids;
 	std::list<std::string>::iterator it;
- 	rsPeers->getPGPAllList(ids);
+        rsPeers->getGPGAllList(ids);
-	std::string ownId = rsPeers->getPGPOwnId();
+        std::string ownId = rsPeers->getGPGOwnId();
 	std::cerr << "NetworkView::insertPeers()" << std::endl;
@ -326,9 +326,9 @@ void  NetworkView::insertSignatures()
 	/* iterate through all friends */
 	std::list<std::string> ids;
 	std::list<std::string>::iterator it, sit;
-	std::string ownId = rsPeers->getPGPOwnId();
+        std::string ownId = rsPeers->getGPGOwnId();
- 	rsPeers->getPGPAllList(ids);
+        rsPeers->getGPGAllList(ids);
 	std::cerr << "NetworkView::insertSignatures()" << std::endl;
--- a/retroshare-gui/src/gui/PeersDialog.cpp
+++ b/retroshare-gui/src/gui/PeersDialog.cpp
@ -272,7 +272,7 @@ void  PeersDialog::insertPeers()
                return;
        }
-        rsPeers->getPGPAcceptedList(gpgFriends);
+        rsPeers->getGPGAcceptedList(gpgFriends);
        /* get a link to the table */
        QTreeWidget *peerWidget = ui.peertreeWidget;
@ -287,9 +287,11 @@ void  PeersDialog::insertPeers()
        //add the gpg friends
        for(it = gpgFriends.begin(); it != gpgFriends.end(); it++) {
-            if (*it == rsPeers->getPGPOwnId()) {
+            std::cerr << "" << *it << std::endl;
            if (*it == rsPeers->getGPGOwnId()) {
                continue;
            }
            RsPeerDetails detail;
            if (!rsPeers->getPeerDetails(*it, detail)) {
                    continue; /* BAD */
@ -297,7 +299,7 @@ void  PeersDialog::insertPeers()
            /* make a widget per friend */
            QTreeWidgetItem *item;
-                QList<QTreeWidgetItem *> list = peerWidget->findItems (QString::fromStdString(detail.id), Qt::MatchExactly, 3);
+            QList<QTreeWidgetItem *> list = peerWidget->findItems (QString::fromStdString(detail.gpg_id), Qt::MatchExactly, 3);
            if (list.size() == 1) {
                item = list.front();
            } else {
@ -321,7 +323,7 @@ void  PeersDialog::insertPeers()
            //item->takeChildren();
            std::list<std::string> sslContacts;
-                rsPeers->getSSLChildListOfGPGId(detail.id, sslContacts);
+            rsPeers->getSSLChildListOfGPGId(detail.gpg_id, sslContacts);
            for(std::list<std::string>::iterator sslIt = sslContacts.begin(); sslIt != sslContacts.end(); sslIt++) {
                RsPeerDetails sslDetail;
                if (!rsPeers->getPeerDetails(*sslIt, sslDetail)) {
@ -443,7 +445,7 @@ void PeersDialog::exportfriend()
 #endif
 		if (rsPeers)
 		{
-			rsPeers->SaveCertificateToFile(id, file);
+                        rsPeers->saveCertificateToFile(id, file);
 		}
 	}
--- a/retroshare-gui/src/gui/TrustView.cpp
+++ b/retroshare-gui/src/gui/TrustView.cpp
@ -142,7 +142,7 @@ void TrustView::update()
 	std::list<std::string> neighs;
-	if(!rsPeers->getOthersList(neighs))
+//	if(!rsPeers->getOthersList(neighs))
 		return ;
 //	neighs.push_back(rsPeers->getPGPOwnId()) ;
--- a/retroshare-gui/src/gui/connect/ConfCertDialog.cpp
+++ b/retroshare-gui/src/gui/connect/ConfCertDialog.cpp
@ -106,8 +106,7 @@ void ConfCertDialog::loadDialog()
 	ui.name->setText(QString::fromStdString(detail.name));
        ui.peerid->setText(QString::fromStdString(detail.id));
        if (!detail.isOnlyGPGdetail) {
-            ui.orgloc->setText(QString::fromStdString(detail.org));
+            ui.loc->setText(QString::fromStdString(detail.location));
            ui.country->setText(QString::fromStdString(detail.location));
            // Dont Show a timestamp in RS calculate the day
            QDateTime date = QDateTime::fromTime_t(detail.lastConnect);
            QString stime = date.toString(Qt::LocalDate);
@ -133,25 +132,21 @@ void ConfCertDialog::loadDialog()
            for(std::list<std::string>::const_iterator it(detail.ipAddressList.begin());it!=detail.ipAddressList.end();++it)
                   ui.ipAddressList->addItem(QString::fromStdString(*it));
-            ui.orgloc->show();
+            ui.loc->show();
-            ui.label_11->show();
+            ui.label_loc->show();
            ui.country->show();
            ui.label_8->show();
            ui.lastcontact->show();
-            ui.label_7->show();
+            ui.label_last_contact->show();
            ui.version->show();
-            ui.label_3->show();
+            ui.label_version->show();
            ui.groupBox->show();
        } else {
-            ui.orgloc->hide();
+            ui.loc->hide();
-            ui.label_11->hide();
+            ui.label_loc->hide();
            ui.country->hide();
            ui.label_8->hide();
            ui.lastcontact->hide();
-            ui.label_7->hide();
+            ui.label_last_contact->hide();
            ui.version->hide();
-            ui.label_3->hide();
+            ui.label_version->hide();
            ui.groupBox->hide();
        }
@ -201,7 +196,7 @@ void ConfCertDialog::loadDialog()
        ui.signers->clear() ;
        for(std::list<std::string>::const_iterator it(detail.gpgSigners.begin());it!=detail.gpgSigners.end();++it) {	
            RsPeerDetails signerDetail;
-            if (rsPeers->getPGPDetails(*it, signerDetail)) {
+            if (rsPeers->getGPGDetails(*it, signerDetail)) {
                ui.signers->append(QString::fromStdString(signerDetail.name));
            }
        }
@ -214,7 +209,7 @@ void ConfCertDialog::applyDialog()
        RsPeerDetails detail;
 	if (!rsPeers->getPeerDetails(mId, detail))
 	{
-            if (!rsPeers->getPGPDetails(mId, detail)) {
+            if (!rsPeers->getGPGDetails(mId, detail)) {
                QMessageBox::information(this,
                         tr("RetroShare"),
                         tr("Error : cannot get peer details."));
@ -225,12 +220,11 @@ void ConfCertDialog::applyDialog()
        //check the GPG trustlvl
        if (ui.radioButton_trust_fully->isChecked() && detail.trustLvl != 4) {
            //trust has changed to fully
-            rsPeers->TrustGPGCertificate(detail.id, 4);
+            rsPeers->trustGPGCertificate(detail.id, 4);
        } else if (ui.radioButton_trust_marginnaly->isChecked() && detail.trustLvl != 3) {
-            rsPeers->TrustGPGCertificate(detail.id, 3);
+            rsPeers->trustGPGCertificate(detail.id, 3);
        } else if (ui.radioButton_trust_never->isChecked() && detail.trustLvl != 2) {
-            rsPeers->TrustGPGCertificate(detail.id, 2);
+            rsPeers->trustGPGCertificate(detail.id, 2);
        }
        if (!detail.isOnlyGPGdetail) {
@ -262,6 +256,6 @@ void ConfCertDialog::applyDialog()
 void ConfCertDialog::makeFriend()
 {
-        rsPeers->SignGPGCertificate(mId);
+        rsPeers->signGPGCertificate(mId);
        loadDialog();
 }
--- a/retroshare-gui/src/gui/connect/ConfCertDialog.ui
+++ b/retroshare-gui/src/gui/connect/ConfCertDialog.ui
@ -21,7 +21,7 @@
   <item row="0" column="0">
    <widget class="QTabWidget" name="stabWidget">
     <property name="currentIndex">
-      <number>1</number>
+      <number>0</number>
     </property>
     <widget class="QWidget" name="tab">
      <attribute name="icon">
@ -39,7 +39,7 @@
         </property>
         <layout class="QGridLayout" name="_2">
          <item row="0" column="0">
-           <widget class="QLabel" name="label_10">
+           <widget class="QLabel" name="label_name">
            <property name="text">
             <string>Name:</string>
            </property>
@ -52,76 +52,62 @@
            </property>
           </widget>
          </item>
          <item row="1" column="0">
           <widget class="QLabel" name="label_11">
            <property name="text">
             <string>Org / Loc:</string>
            </property>
           </widget>
          </item>
          <item row="1" column="1">
           <widget class="QLineEdit" name="orgloc">
            <property name="readOnly">
             <bool>true</bool>
            </property>
           </widget>
          </item>
          <item row="2" column="0">
-           <widget class="QLabel" name="label_8">
+           <widget class="QLabel" name="label_id">
            <property name="text">
             <string>Country/State:</string>
            </property>
           </widget>
          </item>
          <item row="2" column="1">
           <widget class="QLineEdit" name="country">
            <property name="readOnly">
             <bool>true</bool>
            </property>
           </widget>
          </item>
          <item row="3" column="0">
           <widget class="QLabel" name="label_6">
            <property name="text">
             <string>Peer ID</string>
            </property>
           </widget>
          </item>
-          <item row="3" column="1">
+          <item row="2" column="1">
           <widget class="QLineEdit" name="peerid">
            <property name="readOnly">
             <bool>true</bool>
            </property>
           </widget>
          </item>
-          <item row="4" column="0">
+          <item row="5" column="0">
-           <widget class="QLabel" name="label_7">
+           <widget class="QLabel" name="label_last_contact">
            <property name="text">
             <string>Last Contact</string>
            </property>
           </widget>
          </item>
-          <item row="4" column="1">
+          <item row="5" column="1">
           <widget class="QLineEdit" name="lastcontact">
            <property name="readOnly">
             <bool>true</bool>
            </property>
           </widget>
          </item>
-          <item row="5" column="1">
+          <item row="6" column="1">
           <widget class="QLineEdit" name="version">
            <property name="readOnly">
             <bool>true</bool>
            </property>
           </widget>
          </item>
-          <item row="5" column="0">
+          <item row="6" column="0">
-           <widget class="QLabel" name="label_3">
+           <widget class="QLabel" name="label_version">
            <property name="text">
             <string>Version</string>
            </property>
           </widget>
          </item>
          <item row="4" column="0">
           <widget class="QLabel" name="label_loc">
            <property name="text">
             <string>Loc:</string>
            </property>
           </widget>
          </item>
          <item row="4" column="1">
           <widget class="QLineEdit" name="loc">
            <property name="readOnly">
             <bool>true</bool>
            </property>
           </widget>
          </item>
         </layout>
        </widget>
       </item>
--- a/retroshare-gui/src/gui/connect/ConnectDialog.cpp
+++ b/retroshare-gui/src/gui/connect/ConnectDialog.cpp
@ -131,7 +131,7 @@ void ConnectDialog::authAttempt()
 	/* well lets do it ! */
 	std::cerr << "Attempting AuthCode:" << authCode << std::endl;
        //rsPeers->AuthCertificate(authId, authCode);
-	rsPeers->addFriend(authId);
+        rsPeers->addDummyFriend(authId);
 	rsicontrol->getNotify().notifyListChange(NOTIFY_LIST_NEIGHBOURS,1) ;
 	/* close it up! */
@ -151,15 +151,20 @@ bool ConnectDialog::loadPeer(std::string id)
 	switch(detail.trustLvl)
 	{
-		case RS_TRUST_LVL_GOOD:
+                case RS_TRUST_LVL_ULTIMATE:
-			trustString = "Good";
+                        trustString = "Ultimate";
                break;
                case RS_TRUST_LVL_FULL:
                        trustString = "Full";
 		break;
 		case RS_TRUST_LVL_MARGINAL:
 			trustString = "Marginal";
 		break;
-		case RS_TRUST_LVL_UNKNOWN:
+                case RS_TRUST_LVL_NONE:
                        trustString = "None";
                break;
 		default:
-			trustString = "No Trust";
+                        trustString = "Unknown";
 		break;
 	}
--- a/retroshare-gui/src/gui/connect/ConnectFriendWizard.cpp
+++ b/retroshare-gui/src/gui/connect/ConnectFriendWizard.cpp
@ -53,6 +53,16 @@
 #include <iostream>
 #include <set>
 #define SSL_ID_FIELD_CONNECT_FRIEND_WIZARD "idField"
 #define GPG_ID_FIELD_CONNECT_FRIEND_WIZARD "GPGidField"
 #define LOCATION_FIELD_CONNECT_FRIEND_WIZARD "peerLocation"
 #define CERT_STRING_FIELD_CONNECT_FRIEND_WIZARD "peerCertString"
 #define SIGN_RADIO_BUTTON_FIELD_CONNECT_FRIEND_WIZARD "signRadioButton"
 #define ACCEPT_RADIO_BUTTON_FIELD_CONNECT_FRIEND_WIZARD "acceptRadioButton"
 //============================================================================
 //! 
 ConnectFriendWizard::ConnectFriendWizard(QWidget *parent)
@ -92,22 +102,39 @@ ConnectFriendWizard::ConnectFriendWizard(QWidget *parent)
 void
 ConnectFriendWizard::accept()
 {
-    if ( hasVisitedPage(Page_Conclusion) )
+    if ( hasVisitedPage(Page_Conclusion) ) {
-    {
+        std::cerr << "ConnectFriendWizard::accept() called with page conclusion visited" << std::endl;
        std::string authId = field("idField").toString().toStdString();
        std::string authCode = field("authCode").toString().toStdString();
-        //rsPeers->AuthCertificate(authId, authCode );
+        std::string ssl_Id = field(SSL_ID_FIELD_CONNECT_FRIEND_WIZARD).toString().toStdString();
-        rsPeers->addFriend(authId);
+        std::string gpg_Id = field(GPG_ID_FIELD_CONNECT_FRIEND_WIZARD).toString().toStdString();
        bool sign = field(SIGN_RADIO_BUTTON_FIELD_CONNECT_FRIEND_WIZARD).toBool();
        bool accept_connection = field(ACCEPT_RADIO_BUTTON_FIELD_CONNECT_FRIEND_WIZARD).toBool();
        if (gpg_Id != "") {
            if (sign) {
                std::cerr << "ConclusionPage::validatePage() signing GPG key." << std::endl;
                rsPeers->signGPGCertificate(gpg_Id); //bye default sign set accept_connection to true;
            } else if (accept_connection) {
                std::cerr << "ConclusionPage::validatePage() accepting GPG key for connection." << std::endl;
                rsPeers->setAcceptToConnectGPGCertificate(gpg_Id, true);
            }
        }
        if (ssl_Id != "") {
            rsPeers->addFriend(ssl_Id, gpg_Id);
            //let's check if there is ip adresses in the wizard.
            if (!this->field("ext_friend_ip").isNull() && !this->field("ext_friend_port").isNull()) {
                std::cerr << "ConnectFriendWizard::accept() : setting ip ext address." << std::endl;
-	    rsPeers->setExtAddress(authId, this->field("ext_friend_ip").toString().toStdString(), this->field("ext_friend_port").toInt());
+                rsPeers->setExtAddress(ssl_Id, this->field("ext_friend_ip").toString().toStdString(), this->field("ext_friend_port").toInt());
            }
            if (!this->field("local_friend_ip").isNull() && !this->field("local_friend_port").isNull()) {
                std::cerr << "ConnectFriendWizard::accept() : setting ip local address." << std::endl;
-	    rsPeers->setLocalAddress(authId, this->field("local_friend_ip").toString().toStdString(), this->field("local_friend_port").toInt());
+                rsPeers->setLocalAddress(ssl_Id, this->field("local_friend_ip").toString().toStdString(), this->field("local_friend_port").toInt());
            }
            if (!this->field("peerLocation").isNull()) {
                std::cerr << "ConnectFriendWizard::accept() : setting peerLocation." << std::endl;
                rsPeers->setLocation(ssl_Id, this->field("peerLocation").toString().toStdString());
            }
        }
        rsicontrol->getNotify().notifyListChange(NOTIFY_LIST_NEIGHBOURS,1) ;
@ -313,16 +340,20 @@ TextPage::copyCert()
 //============================================================================
 //
-int
+int TextPage::nextId() const {
-TextPage::nextId() const
+
 {
    std::string id;
    std::string certstr;
    certstr = friendCertEdit->toPlainText().toStdString();
    RsPeerDetails pd;
    if ( rsPeers->loadDetailsFromStringCert(certstr, pd) ) {
 #ifdef FRIEND_WIZARD_DEBUG
            std::cerr << "ConnectFriendWizard got id : " << pd.id << "; gpg_id : " << pd.gpg_id << std::endl;
 #endif
        wizard()->setField(SSL_ID_FIELD_CONNECT_FRIEND_WIZARD, QString::fromStdString(pd.id));
        wizard()->setField(GPG_ID_FIELD_CONNECT_FRIEND_WIZARD, QString::fromStdString(pd.gpg_id));
        wizard()->setField(LOCATION_FIELD_CONNECT_FRIEND_WIZARD, QString::fromStdString(pd.location));
        wizard()->setField(CERT_STRING_FIELD_CONNECT_FRIEND_WIZARD, QString::fromStdString(certstr));
    if ( rsPeers->LoadCertificateFromString(certstr, id) )
    {
        //parse the text to get ip address
 	try {
 #ifdef FRIEND_WIZARD_DEBUG
@ -383,7 +414,6 @@ TextPage::nextId() const
 	} catch (...) {
 	    std::cerr << "ConnectFriendWizard : Parse ip address error." << std::endl;
 	}
 	wizard()->setField("idField", QString::fromStdString(id));
        return ConnectFriendWizard::Page_Conclusion ;
    }
    else
@ -400,9 +430,7 @@ TextPage::nextId() const
 //============================================================================
 //============================================================================
 //
-FofPage::FofPage(QWidget *parent)
+FofPage::FofPage(QWidget *parent) : QWizardPage(parent) {
    : QWizardPage(parent)
 {
 	_friends_signed = false ;
    QString titleStr("<span style=\"font-size:14pt; font-weight:500;" "color:#32cd32;\">%1</span>");
    setTitle( titleStr.arg( tr("Friends of friends") ) ) ;
@ -442,35 +470,26 @@ FofPage::FofPage(QWidget *parent)
 	 updatePeersList(0) ;
 }
-void FofPage::updatePeersList(int e) 
+void FofPage::updatePeersList(int e) {
 {
 	rsiface->unlockData(); /* UnLock Interface */
 	std::cout << "updating peers list with e=" << e << std::endl ;
 	selectedPeersTW->clearContents() ;
        selectedPeersTW->setRowCount(0) ;
 	std::list<std::string> ids ;
-	rsPeers->getOthersList(ids) ;
+        rsPeers->getGPGAllList(ids) ;
 	int row = 0 ;
 	_id_boxes.clear() ;
        std::cerr << "FofPage::updatePeersList() updating peers list with e=" << e << std::endl ;
 	// We have to use this trick because signers are given by their names instead of their ids. That's a cause
 	// for some confusion when two peers have the same name. 
 	//
-	std::set<std::string> my_friends_names ;
+        std::list<std::string> gpg_ids;
-
+        rsPeers->getGPGAllList(gpg_ids);
-	std::list<std::string> friends_ids ;
+        for(std::list<std::string>::const_iterator it(gpg_ids.begin());it!=gpg_ids.end();++it)
 	rsPeers->getFriendList(friends_ids) ;
 	for(std::list<std::string>::const_iterator it(friends_ids.begin());it!=friends_ids.end();++it)
 		my_friends_names.insert(rsPeers->getPeerName(*it)) ;
 	// Now fill in the table of selected peers.
 	//
 	for(std::list<std::string>::const_iterator it(ids.begin());it!=ids.end();++it)
 	{
 		std::cerr << "examining peer " << *it << " (name=" << rsPeers->getPeerName(*it) ;
 		RsPeerDetails details ;
@ -485,10 +504,11 @@ void FofPage::updatePeersList(int e)
 		std::set<std::string> common_friends ;
-                for(std::list<std::string>::const_iterator it2(details.gpgSigners.begin());it2!=details.gpgSigners.end();++it2)
+                for(std::list<std::string>::const_iterator it2(details.gpgSigners.begin());it2!=details.gpgSigners.end();++it2) {
-			if(my_friends_names.find(*it2) != my_friends_names.end()	&& *it2 != details.name)										
+                    if(rsPeers->isGPGAccepted(*it2))										 {
-				common_friends.insert(*it2) ;
+                        common_friends.insert(*it2);
-
+                     }
                }
 		bool show = false;
 		switch(e)
@ -518,6 +538,7 @@ void FofPage::updatePeersList(int e)
 			QCheckBox *cb = new QCheckBox ;
 			cb->setChecked(true) ;
 			_id_boxes[cb] = details.id ;
                        _gpg_id_boxes[cb] = details.gpg_id ;
 			selectedPeersTW->setCellWidget(row,0,cb) ;
 			selectedPeersTW->setItem(row,1,new QTableWidgetItem(QString::fromStdString(details.name))) ;
@ -535,6 +556,8 @@ void FofPage::updatePeersList(int e)
 			++row ;
 		}
 	}
        std::cerr << "FofPage::updatePeersList() finished iterating over peers" << std::endl ;
 	if(row>0)
 	{
 		selectedPeersTW->resizeColumnsToContents() ;
@ -547,18 +570,15 @@ void FofPage::updatePeersList(int e)
 	selectedPeersTW->setSortingEnabled(true) ;
 }
-int FofPage::nextId() const
+int FofPage::nextId() const {
 {
 	return -1 ;
 }
-bool FofPage::isComplete() const
+bool FofPage::isComplete() const {
 {
 	return _friends_signed ;
 }
-void FofPage::signAllSelectedUsers() 
+void FofPage::signAllSelectedUsers() {
 {
 	std::cerr << "makign lots of friends !!" << std::endl ;
 	for(std::map<QCheckBox*,std::string>::const_iterator it(_id_boxes.begin());it!=_id_boxes.end();++it)
@ -566,7 +586,7 @@ void FofPage::signAllSelectedUsers()
 		{
 			std::cerr << "Making friend with " << it->second << std::endl ;
                        //rsPeers->AuthCertificate(it->second, "");
-			rsPeers->addFriend(it->second);
+                        rsPeers->addFriend(it->second, _gpg_id_boxes[it->first]);
 		}
 	_friends_signed = true ;
@ -584,9 +604,7 @@ void FofPage::signAllSelectedUsers()
 //============================================================================
 //============================================================================
-CertificatePage::CertificatePage(QWidget *parent)
+CertificatePage::CertificatePage(QWidget *parent) : QWizardPage(parent) {
    : QWizardPage(parent)
 {
    QString titleStr("<span style=\"font-size:14pt; font-weight:500;"
                               "color:#32cd32;\">%1</span>");
    setTitle( titleStr.arg( tr("Certificate files") ) ) ;
@ -637,9 +655,7 @@ CertificatePage::CertificatePage(QWidget *parent)
 //============================================================================
-void
+void CertificatePage::loadFriendCert() {
 CertificatePage::loadFriendCert()
 {
    QString fileName =
        QFileDialog::getOpenFileName(this, tr("Select Certificate"),
                                     "", tr("Certificates (*.pqi *.pem)"));
@ -653,9 +669,7 @@ CertificatePage::loadFriendCert()
 //============================================================================
-void
+void CertificatePage::generateCertificateCalled() {
 CertificatePage::generateCertificateCalled()
 {
    qDebug() << "  generateCertificateCalled";
    QString qdir = QFileDialog::getSaveFileName(this,
@ -663,7 +677,7 @@ CertificatePage::generateCertificateCalled()
                                                QDir::homePath(),
                                                "RetroShare Certificate (*.pqi)");
-    if ( rsPeers->SaveCertificateToFile(rsPeers->getOwnId(), qdir.toStdString()) )
+    if ( rsPeers->saveCertificateToFile(rsPeers->getOwnId(), qdir.toStdString()) )
    {
        QMessageBox::information(this, tr("RetroShare"),
                         tr("Certificate file successfully created"),
@ -679,33 +693,31 @@ CertificatePage::generateCertificateCalled()
 //============================================================================
-bool
+bool CertificatePage::isComplete() const {
 CertificatePage::isComplete() const
 {
    return !( (friendFileNameEdit->text()).isEmpty() );              
 }
 //============================================================================
-int
+int CertificatePage::nextId() const {
 CertificatePage::nextId() const
 {
    std::string id;
    QString fn = friendFileNameEdit->text();
    if (QFile::exists(fn))
    {
        std::string fnstr = fn.toStdString();
-        if ( rsPeers->LoadCertificateFromFile(fnstr, id) ) 
+//        if ( rsPeers->LoadCertificateFromFile(fnstr, id) )
        if ( false )
        {
-            wizard()->setField("idField", QString::fromStdString(id));
+            wizard()->setField(SSL_ID_FIELD_CONNECT_FRIEND_WIZARD, QString::fromStdString(id));
            return ConnectFriendWizard::Page_Conclusion;
        }
        else
        {
            wizard()->setField("errorMessage",
-                     QString(tr("Certificate Load Failed:something is wrong with %1 ")).arg(fn) );
+//                     QString(tr("Certificate Load Failed:something is wrong with %1 ")).arg(fn) );
                     QString(tr("Not implemented ")));
            return ConnectFriendWizard::Page_ErrorMessage;
        }
    }
@ -752,65 +764,71 @@ int ErrorMessagePage::nextId() const
 //============================================================================
 //============================================================================
-ConclusionPage::ConclusionPage(QWidget *parent)
+ConclusionPage::ConclusionPage(QWidget *parent) : QWizardPage(parent) {
    : QWizardPage(parent)
 {
    QString titleStr("<span style=\"font-size:14pt; font-weight:500;"
                               "color:#32cd32;\">%1</span>");
    setTitle( titleStr.arg( tr("Make Friend") ) ) ;
-    setSubTitle(tr("Fill details about your friend here"));
+    setSubTitle(tr("Details about your friend : "));
    peerDetailsFrame = new QGroupBox;
    peerDetailsFrame->setTitle( tr("Peer details") );
    peerDetailsLayout =  new QGridLayout();
-    trustLabel = new QLabel( tr("Trust:") );
+    trustLabel = new QLabel( tr("Key validity:") );
    peerDetailsLayout->addWidget(trustLabel, 0,0,1,1);
-    trustEdit = new QLineEdit();
+    trustEdit = new QLabel();
    peerDetailsLayout->addWidget(trustEdit, 0,1,1,1);
    nameLabel = new QLabel( tr("Name:") );
    peerDetailsLayout->addWidget(nameLabel, 1,0,1,1);
-    nameEdit = new QLineEdit();
+    nameEdit = new QLabel();
    peerDetailsLayout->addWidget(nameEdit, 1,1,1,1);
-    orgLabel = new QLabel( tr("Org:") );
+    emailLabel = new QLabel( tr("Email:") );
-    peerDetailsLayout->addWidget(orgLabel, 2,0,1,1);
+    peerDetailsLayout->addWidget(emailLabel, 2,0,1,1);
-    orgEdit = new QLineEdit();
+    emailEdit = new QLabel();
-    peerDetailsLayout->addWidget(orgEdit, 2,1,1,1);
+    peerDetailsLayout->addWidget(emailEdit, 2,1,1,1);
    locLabel = new QLabel( tr("Loc:") );
    peerDetailsLayout->addWidget(locLabel, 3,0,1,1);
-    locEdit = new QLineEdit();
+    locEdit = new QLabel();
    peerDetailsLayout->addWidget(locEdit, 3,1,1,1);
    countryLabel = new QLabel( tr("Country:") );
    peerDetailsLayout->addWidget(countryLabel, 4,0,1,1);
    countryEdit = new QLineEdit();
    peerDetailsLayout->addWidget(countryEdit, 4,1,1,1);
    signersLabel = new QLabel( tr("Signers") );
-    peerDetailsLayout->addWidget(signersLabel, 5,0,1,1);
+    peerDetailsLayout->addWidget(signersLabel, 4,0,1,1);
    signersEdit = new QTextEdit();
-    peerDetailsLayout->addWidget(signersEdit, 5,1,1,1);
+    peerDetailsLayout->addWidget(signersEdit, 4,1,1,1);
    peerDetailsFrame->setLayout(peerDetailsLayout);
-    authCodeLabel = new QLabel( tr("AUTH CODE") );
+    signGPGRadioButton = new QRadioButton();
-    authCodeEdit = new QLineEdit();
+    signGPGRadioButton->setText(tr("Add as friend and Sign GPG Key"));
-    registerField("authCode", authCodeEdit);
+    registerField(SIGN_RADIO_BUTTON_FIELD_CONNECT_FRIEND_WIZARD,signGPGRadioButton);
-    
+    acceptNoSignGPGRadioButton = new QRadioButton();
-    authCodeLayout = new QHBoxLayout();
+    acceptNoSignGPGRadioButton->setText(tr("Add as friend but don't sign GPG Key"));
-    authCodeLayout->addWidget(authCodeLabel);
+    registerField(ACCEPT_RADIO_BUTTON_FIELD_CONNECT_FRIEND_WIZARD,acceptNoSignGPGRadioButton);
-    authCodeLayout->addWidget(authCodeEdit);
+    peerDetailsLayout->addWidget(signGPGRadioButton, 5,0,1,-1); // QWidget * widget, int fromRow, int fromColumn, int rowSpan, int columnSpan, Qt::Alignment alignment = 0 )
-    authCodeLayout->addStretch();
+    peerDetailsLayout->addWidget(acceptNoSignGPGRadioButton, 6,0,1,-1); // QWidget * widget, int fromRow, int fromColumn, int rowSpan, int columnSpan, Qt::Alignment alignment = 0 )
    conclusionPageLayout = new QVBoxLayout();
    conclusionPageLayout->addWidget(peerDetailsFrame);
    conclusionPageLayout->addLayout(authCodeLayout);
    setLayout(conclusionPageLayout);
    //registering fields for cross pages access. There maybe a cleaner solution
    peerIdEdit = new QLineEdit(this);
    peerIdEdit->setVisible(false);
-    registerField("idField",peerIdEdit);
+    registerField(SSL_ID_FIELD_CONNECT_FRIEND_WIZARD,peerIdEdit);
    peerGPGIdEdit = new QLineEdit(this);
    peerGPGIdEdit->setVisible(false);
    registerField(SSL_ID_FIELD_CONNECT_FRIEND_WIZARD,peerGPGIdEdit);
    peerLocation = new QLineEdit(this);
    peerLocation->setVisible(false);
    registerField(GPG_ID_FIELD_CONNECT_FRIEND_WIZARD,peerLocation);
    peerCertStringEdit = new QLineEdit(this);
    peerCertStringEdit->setVisible(false);
    registerField(CERT_STRING_FIELD_CONNECT_FRIEND_WIZARD,peerCertStringEdit);
    ext_friend_ip = new QLineEdit(this);
    ext_friend_ip->setVisible(false);
@ -831,36 +849,75 @@ ConclusionPage::ConclusionPage(QWidget *parent)
 //============================================================================
 //
-int ConclusionPage::nextId() const
+int ConclusionPage::nextId() const {
 {
    return -1;
 }
 //
 //============================================================================
 //
-void
+void ConclusionPage::initializePage() {
-ConclusionPage::initializePage()
+    std::string id = field(SSL_ID_FIELD_CONNECT_FRIEND_WIZARD).toString().toStdString();
-{
+    std::string gpg_id = field(GPG_ID_FIELD_CONNECT_FRIEND_WIZARD).toString().toStdString();
-    std::string id = field("idField").toString().toStdString();
+    std::string location = field(LOCATION_FIELD_CONNECT_FRIEND_WIZARD).toString().toStdString();
    std::string certString = field(CERT_STRING_FIELD_CONNECT_FRIEND_WIZARD).toString().toStdString();
    std::cerr << "Conclusion page id : " << id << "; gpg_id : " << gpg_id << std::endl;
    RsPeerDetails detail;
-    if (!rsPeers->getPeerDetails(id, detail))
+    if (!rsPeers->loadDetailsFromStringCert(certString, detail)) {
-    {
+        if (!rsPeers->getPeerDetails(id, detail)) {
            if (!rsPeers->getPeerDetails(gpg_id, detail)) {
                rsiface->unlockData(); /* UnLock Interface */
                return ;//false;
            }
        }
    }
    //set the radio button to sign the GPG key
    if (detail.accept_connection && !detail.ownsign) {
        //gpg key connection is already accepted, don't propose to accept it again
        signGPGRadioButton->setText(tr("Peer is already a GPG key is already a retroshare friend. Sign his GPG key."));
        signGPGRadioButton->setChecked(true);
        acceptNoSignGPGRadioButton->hide();
        acceptNoSignGPGRadioButton->setChecked(false);
    }
    if (!detail.accept_connection && detail.ownsign) {
        //gpg key is already signed, don't propose to sign it again
        acceptNoSignGPGRadioButton->setText(tr("GPG key is already signed, make it a retroshare friend."));
        acceptNoSignGPGRadioButton->setChecked(true);
        signGPGRadioButton->hide();
        signGPGRadioButton->setChecked(false);
    }
    if (!detail.accept_connection && !detail.ownsign) {
        signGPGRadioButton->setText(tr("Add as friend and Sign GPG Key"));
        signGPGRadioButton->show();
        acceptNoSignGPGRadioButton->setText(tr("Add as friend but don't sign GPG Key"));
        acceptNoSignGPGRadioButton->show();
    }
    if (detail.accept_connection && detail.ownsign && !detail.isOnlyGPGdetail) {
        acceptNoSignGPGRadioButton->setChecked(false);
        acceptNoSignGPGRadioButton->hide();
        signGPGRadioButton->setChecked(false);
        signGPGRadioButton->hide();
        radioButtonsLabel = new QLabel(tr("It seems your friend is already registered. Adding it might just set it's ip address."));
        peerDetailsLayout->addWidget(radioButtonsLabel, 7,0,1,-1); // QWidget * widget, int fromRow, int fromColumn, int rowSpan, int columnSpan, Qt::Alignment alignment = 0 )
    }
    std::string trustString;
-
+    switch(detail.validLvl)
    switch(detail.trustLvl)
    {
-            case RS_TRUST_LVL_GOOD:
+            case RS_TRUST_LVL_ULTIMATE:
-                    trustString = "Good";
+                    trustString = "Ultimate";
            break;
            case RS_TRUST_LVL_FULL:
                    trustString = "Full";
            break;
            case RS_TRUST_LVL_MARGINAL:
                    trustString = "Marginal";
            break;
-            case RS_TRUST_LVL_UNKNOWN:
+            case RS_TRUST_LVL_NONE:
                    trustString = "None";
            break;
            default:
                    trustString = "No Trust";
            break;
@ -868,8 +925,7 @@ ConclusionPage::initializePage()
    QString ts;
    std::list<std::string>::iterator it;
-    for(it = detail.gpgSigners.begin(); it != detail.gpgSigners.end(); it++)
+    for(it = detail.gpgSigners.begin(); it != detail.gpgSigners.end(); it++) {
    {
            ts.append(QString::fromStdString( rsPeers->getPeerName(*it) ));
            ts.append( "<" ) ;
            ts.append( QString::fromStdString(*it) );
@ -879,14 +935,11 @@ ConclusionPage::initializePage()
    nameEdit->setText( QString::fromStdString( detail.name ) ) ;
    trustEdit->setText(QString::fromStdString( trustString ) ) ;
-    orgEdit->setText(QString::fromStdString( detail.org ) );
+    emailEdit->setText(QString::fromStdString( detail.email ) );
-    locEdit->setText( QString::fromStdString( detail.location ) );
+    locEdit->setText( QString::fromStdString( location ) );
    countryEdit->setText( QString::fromStdString( detail.email ) );
    signersEdit->setPlainText( ts );
    authCodeEdit->setText( QString::fromStdString(detail.authcode) );
 }
-//
+
 //============================================================================
 //
--- a/retroshare-gui/src/gui/connect/ConnectFriendWizard.h
+++ b/retroshare-gui/src/gui/connect/ConnectFriendWizard.h
@ -160,6 +160,7 @@ private:
 	 bool _friends_signed ;
         std::map<QCheckBox*,std::string> _id_boxes ;
         std::map<QCheckBox*,std::string> _gpg_id_boxes ;
 private slots:
 	void signAllSelectedUsers() ;
@ -203,31 +204,32 @@ private slots:
 private:
    QGroupBox* peerDetailsFrame;
    QGridLayout* peerDetailsLayout;
    QLabel* trustLabel;
-    QLineEdit* trustEdit;
+    QLabel* trustEdit;
    QLabel* nameLabel;
-    QLineEdit* nameEdit;
+    QLabel* nameEdit;
-    QLabel* orgLabel;
+    QLabel* emailLabel;
-    QLineEdit* orgEdit;
+    QLabel* emailEdit;
    QLabel* locLabel;
-    QLineEdit* locEdit;
+    QLabel* locEdit;
    QLabel* countryLabel;
    QLineEdit* countryEdit;
    QLabel* signersLabel;
    QTextEdit* signersEdit;
    QGridLayout* peerDetailsLayout;
-    QLabel* authCodeLabel;
+    QLabel* radioButtonsLabel;
-    QLineEdit* authCodeEdit;
+    QRadioButton *signGPGRadioButton;
-    QHBoxLayout* authCodeLayout;
+    QRadioButton *acceptNoSignGPGRadioButton;
    QVBoxLayout* conclusionPageLayout;
    //! peer id
-    //! It's a hack; This widget is used only to register "id" field in the
+//    //! It's a hack; This widget is used only to register "id" field in the
-    //! wizard. Really the widget isn't displayed.
+//    //! wizard. Really the widget isn't displayed.
    QLineEdit* peerIdEdit;
    QLineEdit* peerGPGIdEdit;
    QLineEdit* peerLocation;
    QLineEdit* peerCertStringEdit;
    QLineEdit* ext_friend_ip;
    QLineEdit* ext_friend_port;
    QLineEdit* local_friend_ip;
--- a/retroshare-gui/src/gui/elastic/graphwidget.cpp
+++ b/retroshare-gui/src/gui/elastic/graphwidget.cpp
@ -88,7 +88,7 @@ bool GraphWidget::clearGraph()
    scene->setSceneRect(-200, -200, 1000, 1000);
    setScene(scene);
-    centerNode = new Node(this, 1, rsPeers->getPGPOwnId(), "You");
+    centerNode = new Node(this, 1, rsPeers->getGPGOwnId(), "You");
    scene->addItem(centerNode);
    centerNode->setPos(0, 0);
--- a/retroshare-gui/src/gui/elastic/node.cpp
+++ b/retroshare-gui/src/gui/elastic/node.cpp
@ -355,7 +355,7 @@ void Node::contextMenuEvent(QGraphicsSceneContextMenuEvent *event)
 		(ntype ==  ELASTIC_NODE_TYPE_FRIEND) || 	
 			(ntype ==  ELASTIC_NODE_TYPE_OWN)) 	
 	{
-		rsPeers->getOthersList(ids);
+                rsPeers->getFriendList(ids);
    		QAction *addAction = menu.addAction("Add All as Friends");
     		QAction *rmAction = menu.addAction("Remove All as Friends");
--- a/retroshare-gui/src/gui/notifyqt.cpp
+++ b/retroshare-gui/src/gui/notifyqt.cpp
@ -236,6 +236,7 @@ void NotifyQt::UpdateGUI()
 			/* id the name */
 			std::string name = rsPeers->getPeerName(id);
                        std::cerr << "NotifyQT got message for peer id : " << id << "; name : " << name << std::endl;
 			std::string realmsg = "<strong>" + name + "</strong>";
 			switch(type)
 			{
--- a/retroshare-gui/src/gui/settings/CryptoPage.cpp
+++ b/retroshare-gui/src/gui/settings/CryptoPage.cpp
@ -128,7 +128,7 @@ CryptoPage::exportPublicKey()
                                                QDir::homePath(),
                                                "RetroShare Certificate (*.pqi)");
-    if ( rsPeers->SaveCertificateToFile(rsPeers->getOwnId(), qdir.toStdString()) )
+    if ( rsPeers->saveCertificateToFile(rsPeers->getOwnId(), qdir.toStdString()) )
    {
        QMessageBox::information(this, tr("RetroShare"),
                         tr("Certificate file successfully created"),
--- a/retroshare-gui/src/gui/statusbar/peerstatus.cpp
+++ b/retroshare-gui/src/gui/statusbar/peerstatus.cpp
@ -72,7 +72,7 @@ void PeerStatus::getPeerStatus()
    int friends = ids.size();
    ids.clear();
-    rsPeers->getOthersList(ids);
+    //rsPeers->getOthersList(ids);
    int others = 1 + ids.size();
    std::ostringstream out2;