[gmime] Cleaned up crypto API

[Jeffrey Stedfast <fejj src gnome org>]

commit 4751d434ebf55b93cab2d83ac4da5d65b57b22a3
Author: Jeffrey Stedfast <fejj gnome org>
Date:   Thu Mar 17 19:26:28 2011 -0400

    Cleaned up crypto API
    
    2011-03-17  Jeffrey Stedfast  <fejj novell com>
    
    	* gmime/gmime-multipart-encrypted.c: Updated for crypto API
    	changes.
    
    	* gmime/gmime-multipart-signed.c: Updated for crypto API changes.
    
    	* gmime/gmime-crypto-context.c (g_mime_crypto_context_verify): Now
    	returns a GMimeSignatureList, the 'details' string was worthless
    	for GpgMe backend.
    	(GMimeDecryptResult): This is now a GObject.
    
    	* gmime/gmime-pkcs7-context.c: Updated for crypto API changes.
    
    	* gmime/gmime-gpg-context.c: Updated for crypto API changes.

 ChangeLog                         |   14 +
 gmime/Makefile.am                 |    4 +
 gmime/gmime-certificate.c         |    8 +-
 gmime/gmime-certificate.h         |    4 +-
 gmime/gmime-crypto-context.c      | 1205 ++++++-------------------------------
 gmime/gmime-crypto-context.h      |  419 +++-----------
 gmime/gmime-gpg-context.c         |  377 ++++++------
 gmime/gmime-multipart-encrypted.c |   16 +-
 gmime/gmime-multipart-encrypted.h |    4 +-
 gmime/gmime-multipart-signed.c    |   28 +-
 gmime/gmime-multipart-signed.h    |    8 +-
 gmime/gmime-pkcs7-context.c       |  251 ++++----
 gmime/gmime-signature.c           |    8 +-
 13 files changed, 612 insertions(+), 1734 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index 95543f5..a544730 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,19 @@
 2011-03-17  Jeffrey Stedfast  <fejj novell com>
 
+	* gmime/gmime-multipart-encrypted.c: Updated for crypto API
+	changes.
+
+	* gmime/gmime-multipart-signed.c: Updated for crypto API changes.
+
+	* gmime/gmime-crypto-context.c (g_mime_crypto_context_verify): Now
+	returns a GMimeSignatureList, the 'details' string was worthless
+	for GpgMe backend.
+	(GMimeDecryptResult): This is now a GObject.
+
+	* gmime/gmime-pkcs7-context.c: Updated for crypto API changes.
+
+	* gmime/gmime-gpg-context.c: Updated for crypto API changes.
+
 	* gmime/gmime-certificate.[c,h]: New source files implementing
 	Certificate and CertificateList classes.
 
diff --git a/gmime/Makefile.am b/gmime/Makefile.am
index f074a41..048fc1e 100644
--- a/gmime/Makefile.am
+++ b/gmime/Makefile.am
@@ -20,6 +20,7 @@ lib_LTLIBRARIES = libgmime-2.6.la
 
 libgmime_2_6_la_SOURCES = 		\
 	gmime.c				\
+	gmime-certificate.c		\
 	gmime-charset.c			\
 	gmime-common.c			\
 	gmime-content-type.c		\
@@ -55,6 +56,7 @@ libgmime_2_6_la_SOURCES = 		\
 	gmime-parse-utils.c		\
 	gmime-parser.c			\
 	gmime-part.c			\
+	gmime-signature.c		\
 	gmime-stream.c			\
 	gmime-stream-buffer.c		\
 	gmime-stream-cat.c		\
@@ -77,6 +79,7 @@ endif
 
 gmimeinclude_HEADERS = 			\
 	gmime.h				\
+	gmime-certificate.h		\
 	gmime-charset.h			\
 	gmime-content-type.h		\
 	gmime-crypto-context.h		\
@@ -110,6 +113,7 @@ gmimeinclude_HEADERS = 			\
 	gmime-param.h			\
 	gmime-parser.h			\
 	gmime-part.h			\
+	gmime-signature.h		\
 	gmime-stream.h			\
 	gmime-stream-buffer.h		\
 	gmime-stream-cat.h		\
diff --git a/gmime/gmime-certificate.c b/gmime/gmime-certificate.c
index 0865fa9..603489e 100644
--- a/gmime/gmime-certificate.c
+++ b/gmime/gmime-certificate.c
@@ -23,6 +23,8 @@
 #include <config.h>
 #endif
 
+#include <string.h>
+
 #include "gmime-certificate.h"
 
 
@@ -134,7 +136,7 @@ g_mime_certificate_new (void)
 void
 g_mime_certificate_set_trust (GMimeCertificate *cert, GMimeCertificateTrust trust)
 {
-	g_return_if_fail (certificate != NULL);
+	g_return_if_fail (GMIME_IS_CERTIFICATE (cert));
 	
 	cert->trust = trust;
 }
@@ -587,7 +589,7 @@ g_mime_certificate_list_new (void)
 int
 g_mime_certificate_list_length (GMimeCertificateList *list)
 {
-	g_return_val_if_fail (IS_G_MIME_CERTIFICATE_LIST (list), -1);
+	g_return_val_if_fail (GMIME_IS_CERTIFICATE_LIST (list), -1);
 	
 	return list->array->len;
 }
@@ -605,7 +607,7 @@ g_mime_certificate_list_clear (GMimeCertificateList *list)
 	GMimeCertificate *cert;
 	guint i;
 	
-	g_return_if_fail (IS_G_MIME_CERTIFICATE_LIST (list));
+	g_return_if_fail (GMIME_IS_CERTIFICATE_LIST (list));
 	
 	for (i = 0; i < list->array->len; i++) {
 		cert = (GMimeCertificate *) list->array->pdata[i];
diff --git a/gmime/gmime-certificate.h b/gmime/gmime-certificate.h
index 9ad6274..efd5f3e 100644
--- a/gmime/gmime-certificate.h
+++ b/gmime/gmime-certificate.h
@@ -169,10 +169,10 @@ void g_mime_certificate_set_trust (GMimeCertificate *cert, GMimeCertificateTrust
 GMimeCertificateTrust g_mime_certificate_get_trust (GMimeCertificate *cert);
 
 void g_mime_certificate_set_pubkey_algo (GMimeCertificate *cert, GMimePubKeyAlgo algo);
-GMimeCryptoPubKeyAlgo g_mime_certificate_get_pubkey_algo (GMimeCertificate *cert);
+GMimePubKeyAlgo g_mime_certificate_get_pubkey_algo (GMimeCertificate *cert);
 
 void g_mime_certificate_set_digest_algo (GMimeCertificate *cert, GMimeDigestAlgo algo);
-GMimeCryptoHash g_mime_certificate_get_digest_algo (GMimeCertificate *cert);
+GMimeDigestAlgo g_mime_certificate_get_digest_algo (GMimeCertificate *cert);
 
 void g_mime_certificate_set_issuer_serial (GMimeCertificate *cert, const char *issuer_serial);
 const char *g_mime_certificate_get_issuer_serial (GMimeCertificate *cert);
diff --git a/gmime/gmime-crypto-context.c b/gmime/gmime-crypto-context.c
index c5803b9..925b9bb 100644
--- a/gmime/gmime-crypto-context.c
+++ b/gmime/gmime-crypto-context.c
@@ -42,9 +42,9 @@ static void g_mime_crypto_context_class_init (GMimeCryptoContextClass *klass);
 static void g_mime_crypto_context_init (GMimeCryptoContext *ctx, GMimeCryptoContextClass *klass);
 static void g_mime_crypto_context_finalize (GObject *object);
 
-static GMimeCryptoHash crypto_hash_id (GMimeCryptoContext *ctx, const char *hash);
+static GMimeDigestAlgo crypto_digest_id (GMimeCryptoContext *ctx, const char *name);
 
-static const char *crypto_hash_name (GMimeCryptoContext *ctx, GMimeCryptoHash hash);
+static const char *crypto_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo );
 
 static const char *crypto_get_signature_protocol (GMimeCryptoContext *ctx);
 
@@ -53,20 +53,20 @@ static const char *crypto_get_encryption_protocol (GMimeCryptoContext *ctx);
 static const char *crypto_get_key_exchange_protocol (GMimeCryptoContext *ctx);
 
 static int crypto_sign (GMimeCryptoContext *ctx, const char *userid,
-			GMimeCryptoHash hash, GMimeStream *istream,
+			GMimeDigestAlgo digest, GMimeStream *istream,
 			GMimeStream *ostream, GError **err);
 	
-static GMimeSignatureValidity *crypto_verify (GMimeCryptoContext *ctx, GMimeCryptoHash hash,
-					      GMimeStream *istream, GMimeStream *sigstream,
-					      GError **err);
+static GMimeSignatureList *crypto_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
+					  GMimeStream *istream, GMimeStream *sigstream,
+					  GError **err);
 	
 static int crypto_encrypt (GMimeCryptoContext *ctx, gboolean sign,
-			   const char *userid, GMimeCryptoHash hash,
+			   const char *userid, GMimeDigestAlgo digest,
 			   GPtrArray *recipients, GMimeStream *istream,
 			   GMimeStream *ostream, GError **err);
 
-static GMimeDecryptionResult *crypto_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
-					      GMimeStream *ostream, GError **err);
+static GMimeDecryptResult *crypto_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
+					   GMimeStream *ostream, GError **err);
 
 static int crypto_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream,
 			       GError **err);
@@ -112,8 +112,8 @@ g_mime_crypto_context_class_init (GMimeCryptoContextClass *klass)
 	
 	object_class->finalize = g_mime_crypto_context_finalize;
 	
-	klass->hash_id = crypto_hash_id;
-	klass->hash_name = crypto_hash_name;
+	klass->digest_id = crypto_digest_id;
+	klass->digest_name = crypto_digest_name;
 	klass->sign = crypto_sign;
 	klass->verify = crypto_verify;
 	klass->encrypt = crypto_encrypt;
@@ -140,13 +140,6 @@ g_mime_crypto_context_finalize (GObject *object)
 }
 
 
-static GMimeCryptoHash
-crypto_hash_id (GMimeCryptoContext *ctx, const char *hash)
-{
-	return GMIME_CRYPTO_HASH_DEFAULT;
-}
-
-
 /**
  * g_mime_crypto_context_set_request_password:
  * @ctx: a #GMimeCryptoContext
@@ -164,6 +157,13 @@ g_mime_crypto_context_set_request_password (GMimeCryptoContext *ctx, GMimePasswo
 }
 
 
+static GMimeDigestAlgo
+crypto_digest_id (GMimeCryptoContext *ctx, const char *name)
+{
+	return GMIME_DIGEST_ALGO_DEFAULT;
+}
+
+
 /**
  * g_mime_crypto_context_get_request_password:
  * @ctx: a #GMimeCryptoContext
@@ -183,46 +183,46 @@ g_mime_crypto_context_get_request_password (GMimeCryptoContext *ctx)
 
 
 /**
- * g_mime_crypto_context_hash_id:
+ * g_mime_crypto_context_digest_id:
  * @ctx: a #GMimeCryptoContext
- * @hash: hash name
+ * @name: digest name
  *
- * Gets the hash id based on the hash name @hash.
+ * Gets the digest id based on the digest name.
  *
- * Returns: the equivalent hash id or #GMIME_CRYPTO_HASH_DEFAULT on fail.
+ * Returns: the equivalent digest id or #GMIME_DIGEST_ALGO_DEFAULT on fail.
  **/
-GMimeCryptoHash
-g_mime_crypto_context_hash_id (GMimeCryptoContext *ctx, const char *hash)
+GMimeDigestAlgo
+g_mime_crypto_context_digest_id (GMimeCryptoContext *ctx, const char *name)
 {
-	g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), GMIME_CRYPTO_HASH_DEFAULT);
-	g_return_val_if_fail (hash != NULL, GMIME_CRYPTO_HASH_DEFAULT);
+	g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), GMIME_DIGEST_ALGO_DEFAULT);
+	g_return_val_if_fail (name != NULL, GMIME_DIGEST_ALGO_DEFAULT);
 	
-	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->hash_id (ctx, hash);
+	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->digest_id (ctx, name);
 }
 
 
 static const char *
-crypto_hash_name (GMimeCryptoContext *ctx, GMimeCryptoHash hash)
+crypto_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest)
 {
 	return NULL;
 }
 
 
 /**
- * g_mime_crypto_context_hash_name:
+ * g_mime_crypto_context_digest_name:
  * @ctx: a #GMimeCryptoContext
- * @hash: hash id
+ * @digest: digest id
  *
- * Gets the hash name based on the hash id @hash.
+ * Gets the digest name based on the digest id @digest.
  *
- * Returns: the equivalent hash name or %NULL on fail.
+ * Returns: the equivalent digest name or %NULL on fail.
  **/
 const char *
-g_mime_crypto_context_hash_name (GMimeCryptoContext *ctx, GMimeCryptoHash hash)
+g_mime_crypto_context_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest)
 {
 	g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), NULL);
 	
-	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->hash_name (ctx, hash);
+	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->digest_name (ctx, digest);
 }
 
 
@@ -299,7 +299,7 @@ g_mime_crypto_context_get_key_exchange_protocol (GMimeCryptoContext *ctx)
 
 
 static int
-crypto_sign (GMimeCryptoContext *ctx, const char *userid, GMimeCryptoHash hash,
+crypto_sign (GMimeCryptoContext *ctx, const char *userid, GMimeDigestAlgo digest,
 	     GMimeStream *istream, GMimeStream *ostream, GError **err)
 {
 	g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
@@ -313,30 +313,30 @@ crypto_sign (GMimeCryptoContext *ctx, const char *userid, GMimeCryptoHash hash,
  * g_mime_crypto_context_sign:
  * @ctx: a #GMimeCryptoContext
  * @userid: private key to use to sign the stream
- * @hash: digest algorithm to use
+ * @digest: digest algorithm to use
  * @istream: input stream
  * @ostream: output stream
  * @err: a #GError
  *
  * Signs the input stream and writes the resulting signature to the output stream.
  *
- * Returns: the #GMimeCryptoHash used on success (useful if @hash is
- * specified as #GMIME_CRYPTO_HASH_DEFAULT) or %-1 on fail.
+ * Returns: the #GMimeDigestAlgo used on success (useful if @digest is
+ * specified as #GMIME_DIGEST_ALGO_DEFAULT) or %-1 on fail.
  **/
 int
-g_mime_crypto_context_sign (GMimeCryptoContext *ctx, const char *userid, GMimeCryptoHash hash,
+g_mime_crypto_context_sign (GMimeCryptoContext *ctx, const char *userid, GMimeDigestAlgo digest,
 			    GMimeStream *istream, GMimeStream *ostream, GError **err)
 {
 	g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), -1);
 	g_return_val_if_fail (GMIME_IS_STREAM (istream), -1);
 	g_return_val_if_fail (GMIME_IS_STREAM (ostream), -1);
 	
-	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->sign (ctx, userid, hash, istream, ostream, err);
+	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->sign (ctx, userid, digest, istream, ostream, err);
 }
 
 
-static GMimeSignatureValidity *
-crypto_verify (GMimeCryptoContext *ctx, GMimeCryptoHash hash, GMimeStream *istream,
+static GMimeSignatureList *
+crypto_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest, GMimeStream *istream,
 	       GMimeStream *sigstream, GError **err)
 {
 	g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
@@ -349,7 +349,7 @@ crypto_verify (GMimeCryptoContext *ctx, GMimeCryptoHash hash, GMimeStream *istre
 /**
  * g_mime_crypto_context_verify:
  * @ctx: a #GMimeCryptoContext
- * @hash: digest algorithm used, if known
+ * @digest: digest algorithm used, if known
  * @istream: input stream
  * @sigstream: optional detached-signature stream
  * @err: a #GError
@@ -359,23 +359,22 @@ crypto_verify (GMimeCryptoContext *ctx, GMimeCryptoHash hash, GMimeStream *istre
  * @sigstream is assumed to be the signature stream and is used to
  * verify the integirity of the @istream.
  *
- * Returns: a #GMimeSignatureValidity structure containing information
- * about the integrity of the input stream or %NULL on failure to
- * execute at all.
+ * Returns: a #GMimeSignatureList object containing the status of each
+ * signature.
  **/
-GMimeSignatureValidity *
-g_mime_crypto_context_verify (GMimeCryptoContext *ctx, GMimeCryptoHash hash, GMimeStream *istream,
+GMimeSignatureList *
+g_mime_crypto_context_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest, GMimeStream *istream,
 			      GMimeStream *sigstream, GError **err)
 {
 	g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), NULL);
 	g_return_val_if_fail (GMIME_IS_STREAM (istream), NULL);
 	
-	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->verify (ctx, hash, istream, sigstream, err);
+	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->verify (ctx, digest, istream, sigstream, err);
 }
 
 
 static int
-crypto_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMimeCryptoHash hash,
+crypto_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMimeDigestAlgo digest,
 		GPtrArray *recipients, GMimeStream *istream, GMimeStream *ostream, GError **err)
 {
 	g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED,
@@ -390,7 +389,7 @@ crypto_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMim
  * @ctx: a #GMimeCryptoContext
  * @sign: sign as well as encrypt
  * @userid: key id (or email address) to use when signing (assuming @sign is %TRUE)
- * @hash: digest algorithm to use when signing
+ * @digest: digest algorithm to use when signing
  * @recipients: an array of recipient key ids and/or email addresses
  * @istream: cleartext input stream
  * @ostream: ciphertext output stream
@@ -402,18 +401,18 @@ crypto_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMim
  * Returns: %0 on success or %-1 on fail.
  **/
 int
-g_mime_crypto_context_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMimeCryptoHash hash,
+g_mime_crypto_context_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid, GMimeDigestAlgo digest,
 			       GPtrArray *recipients, GMimeStream *istream, GMimeStream *ostream, GError **err)
 {
 	g_return_val_if_fail (GMIME_IS_CRYPTO_CONTEXT (ctx), -1);
 	g_return_val_if_fail (GMIME_IS_STREAM (istream), -1);
 	g_return_val_if_fail (GMIME_IS_STREAM (ostream), -1);
 	
-	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->encrypt (ctx, sign, userid, hash, recipients, istream, ostream, err);
+	return GMIME_CRYPTO_CONTEXT_GET_CLASS (ctx)->encrypt (ctx, sign, userid, digest, recipients, istream, ostream, err);
 }
 
 
-static GMimeDecryptionResult *
+static GMimeDecryptResult *
 crypto_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
 		GMimeStream *ostream, GError **err)
 {
@@ -435,16 +434,16 @@ crypto_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
  * cleartext to the output stream.
  *
  * If the encrypted input stream was also signed, the returned
- * #GMimeDecryptionResult will have a non-%NULL #GMimeSignatureValidity which
- * will contain a list of signers, each with a #GMimeSignerStatus (among other
- * details about each signer).
+ * #GMimeDecryptResult will have a non-%NULL list of signatures, each with a
+ * #GMimeSignatureStatus (among other details about each signature).
  *
- * On success, the returned #GMimeDecryptionResult will contain a list of
- * recipient keys that the original encrypted stream was encrypted to.
+ * On success, the returned #GMimeDecryptResult will contain a list of
+ * certificates, one for each recipient, that the original encrypted stream
+ * was encrypted to.
  *
- * Returns: a #GMimeDecryptionResult on success or %NULL on error.
+ * Returns: a #GMimeDecryptResult on success or %NULL on error.
  **/
-GMimeDecryptionResult *
+GMimeDecryptResult *
 g_mime_crypto_context_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
 			       GMimeStream *ostream, GError **err)
 {
@@ -522,1094 +521,232 @@ g_mime_crypto_context_export_keys (GMimeCryptoContext *ctx, GPtrArray *keys,
 }
 
 
-/**
- * g_mime_signer_new:
- * @status: A #GMimeSignerStatus
- *
- * Allocates an new #GMimeSigner with the designated @status. This
- * function is meant to be used in #GMimeCryptoContext subclasses when
- * allocating signers to add to a #GMimeSignatureValidity.
- *
- * Returns: a new #GMimeSigner with the designated @status.
- **/
-GMimeSigner *
-g_mime_signer_new (GMimeSignerStatus status)
-{
-	GMimeSigner *signer;
-	
-	signer = g_slice_new (GMimeSigner);
-	signer->pubkey_algo = GMIME_CRYPTO_PUBKEY_ALGO_DEFAULT;
-	signer->hash_algo = GMIME_CRYPTO_HASH_DEFAULT;
-	signer->status = status;
-	signer->errors = GMIME_SIGNER_ERROR_NONE;
-	signer->trust = GMIME_SIGNER_TRUST_NONE;
-	signer->sig_created = (time_t) -1;
-	signer->sig_expires = (time_t) -1;
-	signer->key_created = (time_t) -1;
-	signer->key_expires = (time_t) -1;
-	signer->issuer_serial = NULL;
-	signer->issuer_name = NULL;
-	signer->fingerprint = NULL;
-	signer->keyid = NULL;
-	signer->email = NULL;
-	signer->name = NULL;
-	signer->next = NULL;
-	
-	return signer;
-}
-
-
-/**
- * g_mime_signer_free:
- * @signer: a #GMimeSigner
- *
- * Frees the singleton signer. Should NOT be used to free signers
- * returned from g_mime_signature_validity_get_signers().
- **/
-void
-g_mime_signer_free (GMimeSigner *signer)
-{
-	g_free (signer->issuer_serial);
-	g_free (signer->issuer_name);
-	g_free (signer->fingerprint);
-	g_free (signer->keyid);
-	g_free (signer->email);
-	g_free (signer->name);
-	
-	g_slice_free (GMimeSigner, signer);
-}
-
-
-/**
- * g_mime_signer_next:
- * @signer: a #GMimeSigner
- *
- * Advance to the next signer.
- *
- * Returns: the next #GMimeSigner or %NULL when complete.
- **/
-const GMimeSigner *
-g_mime_signer_next (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, NULL);
-	
-	return signer->next;
-}
-
-
-/**
- * g_mime_signer_set_status:
- * @signer: a #GMimeSigner
- * @status: a #GMimeSignerStatus
- *
- * Set the status on the signer.
- **/
-void
-g_mime_signer_set_status (GMimeSigner *signer, GMimeSignerStatus status)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->status = status;
-}
-
-
-/**
- * g_mime_signer_get_status:
- * @signer: a #GMimeSigner
- *
- * Get the signer status.
- *
- * Returns: the signer status.
- **/
-GMimeSignerStatus
-g_mime_signer_get_status (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, GMIME_SIGNER_STATUS_BAD);
-	
-	return signer->status;
-}
-
-
-/**
- * g_mime_signer_set_errors:
- * @signer: a #GMimeSigner
- * @error: a #GMimeSignerError
- *
- * Set the errors on the signer.
- **/
-void
-g_mime_signer_set_errors (GMimeSigner *signer, GMimeSignerError errors)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->errors = errors;
-}
-
-
-/**
- * g_mime_signer_get_errors:
- * @signer: a #GMimeSigner
- *
- * Get the signer errors. If the #GMimeSignerStatus returned from
- * g_mime_signer_get_status() is not #GMIME_SIGNER_STATUS_GOOD, then
- * the errors may provide a clue as to why.
- *
- * Returns: the signer errors.
- **/
-GMimeSignerError
-g_mime_signer_get_errors (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, GMIME_SIGNER_ERROR_NONE);
-	
-	return signer->errors;
-}
-
-
-/**
- * g_mime_signer_set_trust:
- * @signer: a #GMimeSigner
- * @trust: a #GMimeSignerTrust
- *
- * Set the signer trust.
- **/
-void
-g_mime_signer_set_trust (GMimeSigner *signer, GMimeSignerTrust trust)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->trust = trust;
-}
-
-
-/**
- * g_mime_signer_get_trust:
- * @signer: a #GMimeSigner
- *
- * Get the signer trust.
- *
- * Returns: the signer trust.
- **/
-GMimeSignerTrust
-g_mime_signer_get_trust (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, GMIME_SIGNER_TRUST_NONE);
-	
-	return signer->trust;
-}
-
-
-/**
- * g_mime_signer_set_sig_class:
- * @signer: a #GMimeSigner
- * @sig_class: signature class
- *
- * Set the signer's signature class.
- **/
-void
-g_mime_signer_set_sig_class (GMimeSigner *signer, int sig_class)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->sig_class = (unsigned int) (sig_class & 0xff);
-}
-
-
-/**
- * g_mime_signer_get_sig_class:
- * @signer: a #GMimeSigner
- *
- * Get the signer's signature class.
- *
- * Returns: the signer's signature class.
- **/
-int
-g_mime_signer_get_sig_class (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, 0);
-	
-	return signer->sig_class;
-}
-
-
-/**
- * g_mime_signer_set_sig_version:
- * @signer: a #GMimeSigner
- * @version: signature version
- *
- * Set the signer's signature version.
- **/
-void
-g_mime_signer_set_sig_version (GMimeSigner *signer, int version)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->sig_ver = (unsigned int) (version & 0xff);
-}
-
-
-/**
- * g_mime_signer_get_sig_version:
- * @signer: a #GMimeSigner
- *
- * Get the signer's signature version.
- *
- * Returns: the signer's signature version.
- **/
-int
-g_mime_signer_get_sig_version (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, 0);
-	
-	return signer->sig_ver;
-}
-
-
-/**
- * g_mime_signer_set_pubkey_algo:
- * @signer: a #GMimeSigner
- * @pubkey_algo: a #GMimeCryptoPubKeyAlgo
- *
- * Set the public-key algorithm used by the signer.
- **/
-void
-g_mime_signer_set_pubkey_algo (GMimeSigner *signer, GMimeCryptoPubKeyAlgo pubkey_algo)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->pubkey_algo = pubkey_algo;
-}
-
-
-/**
- * g_mime_signer_get_pubkey_algo:
- * @signer: a #GMimeSigner
- *
- * Get the public-key algorithm used by the signer.
- *
- * Returns: the public-key algorithm used by the signer.
- **/
-GMimeCryptoPubKeyAlgo
-g_mime_signer_get_pubkey_algo (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, GMIME_CRYPTO_PUBKEY_ALGO_DEFAULT);
-	
-	return signer->pubkey_algo;
-}
-
-
-/**
- * g_mime_signer_set_hash_algo:
- * @signer: a #GMimeSigner
- * @hash: a #GMimeCryptoHash
- *
- * Set the hash algorithm used by the signer.
- **/
-void
-g_mime_signer_set_hash_algo (GMimeSigner *signer, GMimeCryptoHash hash)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->hash_algo = hash;
-}
-
-
-/**
- * g_mime_signer_get_hash_algo:
- * @signer: a #GMimeSigner
- *
- * Get the hash algorithm used by the signer.
- *
- * Returns: the hash algorithm used by the signer.
- **/
-GMimeCryptoHash
-g_mime_signer_get_hash_algo (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, GMIME_CRYPTO_HASH_DEFAULT);
-	
-	return signer->hash_algo;
-}
-
-
-/**
- * g_mime_signer_set_issuer_serial:
- * @signer: a #GMimeSigner
- * @issuer_serial: signer's issuer serial
- *
- * Set the signer's issuer serial.
- **/
-void
-g_mime_signer_set_issuer_serial (GMimeSigner *signer, const char *issuer_serial)
-{
-	g_return_if_fail (signer != NULL);
-	
-	g_free (signer->issuer_serial);
-	signer->issuer_serial = g_strdup (issuer_serial);
-}
-
-
-/**
- * g_mime_signer_get_issuer_serial:
- * @signer: a #GMimeSigner
- *
- * Get the signer's issuer serial.
- *
- * Returns: the signer's issuer serial.
- **/
-const char *
-g_mime_signer_get_issuer_serial (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, NULL);
-	
-	return signer->issuer_serial;
-}
-
-
-/**
- * g_mime_signer_set_issuer_name:
- * @signer: a #GMimeSigner
- * @issuer_name: signer's issuer name
- *
- * Set the signer's issuer name.
- **/
-void
-g_mime_signer_set_issuer_name (GMimeSigner *signer, const char *issuer_name)
-{
-	g_return_if_fail (signer != NULL);
-	
-	g_free (signer->issuer_name);
-	signer->issuer_name = g_strdup (issuer_name);
-}
-
-
-/**
- * g_mime_signer_get_issuer_name:
- * @signer: a #GMimeSigner
- *
- * Get the signer's issuer name.
- *
- * Returns: the signer's issuer name.
- **/
-const char *
-g_mime_signer_get_issuer_name (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, NULL);
-	
-	return signer->issuer_name;
-}
-
-
-/**
- * g_mime_signer_set_fingerprint:
- * @signer: a #GMimeSigner
- * @fingerprint: fingerprint string
- *
- * Set the signer's key fingerprint.
- **/
-void
-g_mime_signer_set_fingerprint (GMimeSigner *signer, const char *fingerprint)
-{
-	g_return_if_fail (signer != NULL);
-	
-	g_free (signer->fingerprint);
-	signer->fingerprint = g_strdup (fingerprint);
-}
-
-
-/**
- * g_mime_signer_get_fingerprint:
- * @signer: a #GMimeSigner
- *
- * Get the signer's key fingerprint.
- *
- * Returns: the signer's key fingerprint.
- **/
-const char *
-g_mime_signer_get_fingerprint (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, NULL);
-	
-	return signer->fingerprint;
-}
-
-
-/**
- * g_mime_signer_set_key_id:
- * @signer: a #GMimeSigner
- * @key_id: key id
- *
- * Set the signer's key id.
- **/
-void
-g_mime_signer_set_key_id (GMimeSigner *signer, const char *key_id)
-{
-	g_return_if_fail (signer != NULL);
-	
-	g_free (signer->keyid);
-	signer->keyid = g_strdup (key_id);
-}
-
-
-/**
- * g_mime_signer_get_key_id:
- * @signer: a #GMimeSigner
- *
- * Get the signer's key id.
- *
- * Returns: the signer's key id.
- **/
-const char *
-g_mime_signer_get_key_id (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, NULL);
-	
-	return signer->keyid;
-}
-
-
-/**
- * g_mime_signer_set_email:
- * @signer: a #GMimeSigner
- * @email: signer's email
- *
- * Set the signer's email.
- **/
-void
-g_mime_signer_set_email (GMimeSigner *signer, const char *email)
-{
-	g_return_if_fail (signer != NULL);
-	
-	g_free (signer->email);
-	signer->email = g_strdup (email);
-}
-
-
-/**
- * g_mime_signer_get_email:
- * @signer: a #GMimeSigner
- *
- * Get the signer's email.
- *
- * Returns: the signer's email.
- **/
-const char *
-g_mime_signer_get_email (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, NULL);
-	
-	return signer->email;
-}
-
-
-/**
- * g_mime_signer_set_name:
- * @signer: a #GMimeSigner
- * @name: signer's name
- *
- * Set the signer's name.
- **/
-void
-g_mime_signer_set_name (GMimeSigner *signer, const char *name)
-{
-	g_return_if_fail (signer != NULL);
-	
-	g_free (signer->name);
-	signer->name = g_strdup (name);
-}
-
-
-/**
- * g_mime_signer_get_name:
- * @signer: a #GMimeSigner
- *
- * Get the signer's name.
- *
- * Returns: the signer's name.
- **/
-const char *
-g_mime_signer_get_name (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, NULL);
-	
-	return signer->name;
-}
-
-
-/**
- * g_mime_signer_set_sig_created:
- * @signer: a #GMimeSigner
- * @created: creation date
- *
- * Set the creation date of the signer's signature.
- **/
-void
-g_mime_signer_set_sig_created (GMimeSigner *signer, time_t created)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->sig_created = created;
-}
+static void g_mime_decrypt_result_class_init (GMimeDecryptResultClass *klass);
+static void g_mime_decrypt_result_init (GMimeDecryptResult *cert, GMimeDecryptResultClass *klass);
+static void g_mime_decrypt_result_finalize (GObject *object);
 
+static GObjectClass *result_parent_class = NULL;
 
-/**
- * g_mime_signer_get_sig_created:
- * @signer: a #GMimeSigner
- *
- * Get the creation date of the signer's signature.
- *
- * Returns: the creation date of the signer's signature or %-1 if
- * unknown.
- **/
-time_t
-g_mime_signer_get_sig_created (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, (time_t) -1);
-	
-	return signer->sig_created;
-}
 
-
-/**
- * g_mime_signer_set_sig_expires:
- * @signer: a #GMimeSigner
- * @expires: expiration date
- *
- * Set the expiration date of the signer's signature.
- **/
-void
-g_mime_signer_set_sig_expires (GMimeSigner *signer, time_t expires)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->sig_expires = expires;
-}
-
-
-/**
- * g_mime_signer_get_sig_expires:
- * @signer: a #GMimeSigner
- *
- * Get the expiration date of the signer's signature.
- *
- * Returns: the expiration date of the signer's signature or %-1 if
- * unknown.
- **/
-time_t
-g_mime_signer_get_sig_expires (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, (time_t) -1);
-	
-	return signer->sig_expires;
-}
-
-
-/**
- * g_mime_signer_set_key_created:
- * @signer: a #GMimeSigner
- * @created: creation date
- *
- * Set the creation date of the signer's key.
- **/
-void
-g_mime_signer_set_key_created (GMimeSigner *signer, time_t created)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->key_created = created;
-}
-
-
-/**
- * g_mime_signer_get_key_created:
- * @signer: a #GMimeSigner
- *
- * Get the creation date of the signer's key.
- *
- * Returns: the creation date of the signer's key or %-1 if unknown.
- **/
-time_t
-g_mime_signer_get_key_created (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, (time_t) -1);
-	
-	return signer->key_created;
-}
-
-
-/**
- * g_mime_signer_set_key_expires:
- * @signer: a #GMimeSigner
- * @expires: expiration date
- *
- * Set the expiration date of the signer's key.
- **/
-void
-g_mime_signer_set_key_expires (GMimeSigner *signer, time_t expires)
-{
-	g_return_if_fail (signer != NULL);
-	
-	signer->key_expires = expires;
-}
-
-
-/**
- * g_mime_signer_get_key_expires:
- * @signer: a #GMimeSigner
- *
- * Get the expiration date of the signer's key.
- *
- * Returns: the expiration date of the signer's key or %-1 if unknown.
- **/
-time_t
-g_mime_signer_get_key_expires (const GMimeSigner *signer)
-{
-	g_return_val_if_fail (signer != NULL, (time_t) -1);
-	
-	return signer->key_expires;
-}
-
-
-/**
- * g_mime_signature_validity_new:
- *
- * Creates a new #GMimeSignatureValidity.
- *
- * Returns: a new #GMimeSignatureValidity.
- **/
-GMimeSignatureValidity *
-g_mime_signature_validity_new (void)
-{
-	GMimeSignatureValidity *validity;
-	
-	validity = g_slice_new (GMimeSignatureValidity);
-	validity->signers = NULL;
-	validity->details = NULL;
-	
-	return validity;
-}
-
-
-/**
- * g_mime_signature_validity_free:
- * @validity: a #GMimeSignatureValidity
- *
- * Frees the memory used by @validity back to the system.
- **/
-void
-g_mime_signature_validity_free (GMimeSignatureValidity *validity)
+GType
+g_mime_decrypt_result_get_type (void)
 {
-	GMimeSigner *signer, *next;
-	
-	if (validity == NULL)
-		return;
+	static GType type = 0;
 	
-	signer = validity->signers;
-	while (signer != NULL) {
-		next = signer->next;
-		g_mime_signer_free (signer);
-		signer = next;
+	if (!type) {
+		static const GTypeInfo info = {
+			sizeof (GMimeDecryptResultClass),
+			NULL, /* base_class_init */
+			NULL, /* base_class_finalize */
+			(GClassInitFunc) g_mime_decrypt_result_class_init,
+			NULL, /* class_finalize */
+			NULL, /* class_data */
+			sizeof (GMimeDecryptResult),
+			0,    /* n_preallocs */
+			(GInstanceInitFunc) g_mime_decrypt_result_init,
+		};
+		
+		type = g_type_register_static (G_TYPE_OBJECT, "GMimeDecryptResult", &info, 0);
 	}
 	
-	g_free (validity->details);
-	
-	g_slice_free (GMimeSignatureValidity, validity);
-}
-
-
-/**
- * g_mime_signature_validity_get_details:
- * @validity: a #GMimeSignatureValidity
- *
- * Gets any user-readable status details.
- *
- * Returns: a user-readable string containing any status information.
- **/
-const char *
-g_mime_signature_validity_get_details (const GMimeSignatureValidity *validity)
-{
-	g_return_val_if_fail (validity != NULL, NULL);
-	
-	return validity->details;
+	return type;
 }
 
-
-/**
- * g_mime_signature_validity_set_details:
- * @validity: a #GMimeSignatureValidity
- * @details: details string
- *
- * Sets @details as the status details string on @validity.
- **/
-void
-g_mime_signature_validity_set_details (GMimeSignatureValidity *validity, const char *details)
+static void
+g_mime_decrypt_result_class_init (GMimeDecryptResultClass *klass)
 {
-	g_return_if_fail (validity != NULL);
+	GObjectClass *object_class = G_OBJECT_CLASS (klass);
 	
-	g_free (validity->details);
-	validity->details = g_strdup (details);
-}
-
-
-/**
- * g_mime_signature_validity_get_signers:
- * @validity: a #GMimeSignatureValidity
- *
- * Gets the list of signers.
- *
- * Returns: a #GMimeSigner list which contain further information such
- * as trust and crypto keys. These signers are part of the
- * #GMimeSignatureValidity and should NOT be freed individually.
- **/
-const GMimeSigner *
-g_mime_signature_validity_get_signers (const GMimeSignatureValidity *validity)
-{
-	g_return_val_if_fail (validity != NULL, NULL);
+	parent_class = g_type_class_ref (G_TYPE_OBJECT);
 	
-	return validity->signers;
+	object_class->finalize = g_mime_decrypt_result_finalize;
 }
 
-
-/**
- * g_mime_signature_validity_add_signer:
- * @validity: a #GMimeSignatureValidity
- * @signer: a #GMimeSigner
- *
- * Adds @signer to the list of signers on @validity. Once the signer
- * is added, it must NOT be freed.
- **/
-void
-g_mime_signature_validity_add_signer (GMimeSignatureValidity *validity, GMimeSigner *signer)
+static void
+g_mime_decrypt_result_init (GMimeDecryptResult *result, GMimeDecryptResultClass *klass)
 {
-	GMimeSigner *s;
-	
-	g_return_if_fail (validity != NULL);
-	g_return_if_fail (signer != NULL);
-	
-	if (validity->signers == NULL) {
-		validity->signers = signer;
-	} else {
-		s = validity->signers;
-		while (s->next != NULL)
-			s = s->next;
-		
-		s->next = signer;
-	}
+	result->cipher = GMIME_CIPHER_ALGO_DEFAULT;
+	result->mdc = GMIME_DIGEST_ALGO_DEFAULT;
+	result->recipients = NULL;
+	result->signatures = NULL;
 }
 
-
-/**
- * g_mime_crypto_recipient_new:
- *
- * Allocates an new #GMimeCryptoRecipient. This function is meant to be used
- * in #GMimeCryptoContext subclasses when allocating recipients to add to a
- * #GMimeDecryptionResult.
- *
- * Returns: a new #GMimeCryptoRecipient.
- **/
-GMimeCryptoRecipient *
-g_mime_crypto_recipient_new (void)
+static void
+g_mime_decrypt_result_finalize (GObject *object)
 {
-	GMimeCryptoRecipient *recipient;
+	GMimeDecryptResult *result = (GMimeDecryptResult *) object;
 	
-	recipient = g_slice_new (GMimeCryptoRecipient);
-	recipient->pubkey_algo = GMIME_CRYPTO_PUBKEY_ALGO_DEFAULT;
-	recipient->keyid = NULL;
-	recipient->next = NULL;
+	if (result->recipients)
+		g_object_unref (result->recipients);
 	
-	return recipient;
-}
-
-
-/**
- * g_mime_crypto_recipient_free:
- * @recipient: a #GMimeCryptoRecipient
- *
- * Frees the singleton recipient. Should NOT be used to free recipients
- * returned from g_mime_signature_validity_get_recipients().
- **/
-void
-g_mime_crypto_recipient_free (GMimeCryptoRecipient *recipient)
-{
-	g_free (recipient->keyid);
+	if (result->signatures)
+		g_object_unref (result->signatures);
 	
-	g_slice_free (GMimeCryptoRecipient, recipient);
+	G_OBJECT_CLASS (result_parent_class)->finalize (object);
 }
 
 
 /**
- * g_mime_crypto_recipient_next:
- * @recipient: a #GMimeCryptoRecipient
- *
- * Advance to the next recipient.
+ * g_mime_decrypt_result_new:
  *
- * Returns: the next #GMimeCryptoRecipient or %NULL when complete.
+ * Creates a new #GMimeDecryptResult object.
+ * 
+ * Returns: a new #GMimeDecryptResult object.
  **/
-const GMimeCryptoRecipient *
-g_mime_crypto_recipient_next (const GMimeCryptoRecipient *recipient)
+GMimeDecryptResult *
+g_mime_decrypt_result_new (void)
 {
-	g_return_val_if_fail (recipient != NULL, NULL);
-	
-	return recipient->next;
+	return g_object_newv (GMIME_TYPE_DECRYPT_RESULT, 0, NULL);
 }
 
 
 /**
- * g_mime_crypto_recipient_set_pubkey_algo:
- * @recipient: a #GMimeCryptoRecipient
- * @pubkey_algo: a #GMimeCryptoPubKeyAlgo
+ * g_mime_decrypt_result_set_recipients:
+ * @result: A #GMimeDecryptResult
+ * @recipients: A #GMimeCertificateList
  *
- * Set the public-key algorithm used by the recipient.
+ * Sets the list of certificates that the stream had been encrypted to.
  **/
 void
-g_mime_crypto_recipient_set_pubkey_algo (GMimeCryptoRecipient *recipient, GMimeCryptoPubKeyAlgo pubkey_algo)
+g_mime_decrypt_result_set_recipients (GMimeDecryptResult *result, GMimeCertificateList *recipients)
 {
-	g_return_if_fail (recipient != NULL);
+	g_return_if_fail (GMIME_IS_DECRYPT_RESULT (result));
+	g_return_if_fail (GMIME_IS_CERTIFICATE_LIST (recipients));
 	
-	recipient->pubkey_algo = pubkey_algo;
-}
-
-
-/**
- * g_mime_crypto_recipient_get_pubkey_algo:
- * @recipient: a #GMimeCryptoRecipient
- *
- * Get the public-key algorithm used by the recipient.
- *
- * Returns: the public-key algorithm used by the recipient.
- **/
-GMimeCryptoPubKeyAlgo
-g_mime_crypto_recipient_get_pubkey_algo (const GMimeCryptoRecipient *recipient)
-{
-	g_return_val_if_fail (recipient != NULL, GMIME_CRYPTO_PUBKEY_ALGO_DEFAULT);
+	if (result->recipients == recipients)
+		return;
 	
-	return recipient->pubkey_algo;
-}
-
-
-/**
- * g_mime_crypto_recipient_set_key_id:
- * @recipient: a #GMimeCryptoRecipient
- * @key_id: key id
- *
- * Set the recipient's key id.
- **/
-void
-g_mime_crypto_recipient_set_key_id (GMimeCryptoRecipient *recipient, const char *key_id)
-{
-	g_return_if_fail (recipient != NULL);
+	if (result->recipients)
+		g_object_unref (result->recipients);
 	
-	g_free (recipient->keyid);
-	recipient->keyid = g_strdup (key_id);
-}
-
-
-/**
- * g_mime_crypto_recipient_get_key_id:
- * @recipient: a #GMimeCryptoRecipient
- *
- * Get the recipient's key id.
- *
- * Returns: the recipient's key id.
- **/
-const char *
-g_mime_crypto_recipient_get_key_id (const GMimeCryptoRecipient *recipient)
-{
-	g_return_val_if_fail (recipient != NULL, NULL);
+	if (recipients)
+		g_object_ref (recipients);
 	
-	return recipient->keyid;
+	result->recipients = recipients;
 }
 
 
 /**
- * g_mime_decryption_result_new:
+ * g_mime_decrypt_result_get_recipients:
+ * @result: A #GMimeDecryptResult
  *
- * Creates a new #GMimeDecryptionResult.
+ * Gets the list of certificates that the stream had been encrypted to.
  *
- * Returns: a new #GMimeDecryptionResult.
+ * Returns: a #GMimeCertificateList.
  **/
-GMimeDecryptionResult *
-g_mime_decryption_result_new (void)
+GMimeCertificateList *
+g_mime_decrypt_result_get_recipients (GMimeDecryptResult *result)
 {
-	GMimeDecryptionResult *result;
-	
-	result = g_slice_new (GMimeDecryptionResult);
-	result->cipher = GMIME_CRYPTO_CIPHER_ALGO_DEFAULT;
-	result->mdc = GMIME_CRYPTO_HASH_DEFAULT;
-	result->recipients = NULL;
-	result->validity = NULL;
+	g_return_val_if_fail (GMIME_IS_DECRYPT_RESULT (result), NULL);
 	
-	return result;
+	return result->recipients;
 }
 
 
 /**
- * g_mime_decryption_result_free:
- * @result: a #GMimeDecryptionResult
+ * g_mime_decrypt_result_set_signatures:
+ * @result: A #GMimeDecryptResult
+ * @signatures: A #GMimeSignatureList
  *
- * Frees the memory used by @result back to the system.
+ * Sets the list of signatures.
  **/
 void
-g_mime_decryption_result_free (GMimeDecryptionResult *result)
+g_mime_decrypt_result_set_signatures (GMimeDecryptResult *result, GMimeSignatureList *signatures)
 {
-	GMimeCryptoRecipient *recipient, *next;
+	g_return_if_fail (GMIME_IS_DECRYPT_RESULT (result));
+	g_return_if_fail (GMIME_IS_SIGNATURE_LIST (signatures));
 	
-	if (result == NULL)
+	if (result->signatures == signatures)
 		return;
 	
-	recipient = result->recipients;
-	while (recipient != NULL) {
-		next = recipient->next;
-		g_mime_crypto_recipient_free (recipient);
-		recipient = next;
-	}
+	if (result->signatures)
+		g_object_unref (result->signatures);
 	
-	g_mime_signature_validity_free (result->validity);
+	if (signatures)
+		g_object_ref (signatures);
 	
-	g_slice_free (GMimeDecryptionResult, result);
+	result->signatures = signatures;
 }
 
 
 /**
- * g_mime_decryption_result_get_validity:
- * @result: a #GMimeDecryptionResult
+ * g_mime_decrypt_result_get_signatures:
+ * @result: A #GMimeDecryptResult
  *
- * Gets the signature validity if the decrypted stream was also signed.
+ * Gets a list of signatures if the encrypted stream had also been signed.
  *
- * Returns: a #GMimeSignatureValidity or %NULL if the stream was not signed.
+ * Returns: a #GMimeSignatureList or %NULL if the stream was not signed.
  **/
-const GMimeSignatureValidity *
-g_mime_decryption_result_get_validity (const GMimeDecryptionResult *result)
+GMimeSignatureList *
+g_mime_decrypt_result_get_signatures (GMimeDecryptResult *result)
 {
-	g_return_val_if_fail (result != NULL, NULL);
+	g_return_val_if_fail (GMIME_IS_DECRYPT_RESULT (result), NULL);
 	
-	return result->validity;
-}
-
-
-/**
- * g_mime_decryption_result_set_validity:
- * @result: a #GMimeDecryptionResult
- * @validity: a #GMimeSignatureValidity
- *
- * Sets @validity as the #GMimeDecryptionResult.
- **/
-void
-g_mime_decryption_result_set_validity (GMimeDecryptionResult *result, GMimeSignatureValidity *validity)
-{
-	g_return_if_fail (result != NULL);
-	
-	g_mime_signature_validity_free (result->validity);
-	result->validity = validity;
-}
-
-
-/**
- * g_mime_decryption_result_get_recipients:
- * @result: signature result
- *
- * Gets the list of recipients.
- *
- * Returns: a #GMimeCryptoRecipient list which contain further information such
- * as trust and crypto keys. These recipients are part of the
- * #GMimeDecryptionResult and should NOT be freed individually.
- **/
-const GMimeCryptoRecipient *
-g_mime_decryption_result_get_recipients (const GMimeDecryptionResult *result)
-{
-	g_return_val_if_fail (result != NULL, NULL);
-	
-	return result->recipients;
-}
-
-
-/**
- * g_mime_decryption_result_add_recipient:
- * @result: a #GMimeDecryptionResult
- * @recipient: a #GMimeCryptoRecipient
- *
- * Adds @recipient to the list of recipients on @result. Once the recipient
- * is added, it must NOT be freed.
- **/
-void
-g_mime_decryption_result_add_recipient (GMimeDecryptionResult *result, GMimeCryptoRecipient *recipient)
-{
-	GMimeCryptoRecipient *r;
-	
-	g_return_if_fail (result != NULL);
-	g_return_if_fail (recipient != NULL);
-	
-	if (result->recipients == NULL) {
-		result->recipients = recipient;
-	} else {
-		r = result->recipients;
-		while (r->next != NULL)
-			r = r->next;
-		
-		r->next = recipient;
-	}
+	return result->signatures;
 }
 
 
 /**
- * g_mime_decryption_result_set_cipher:
- * @result: a #GMimeDecryptionResult
- * @cipher: a #GMimeCryptoCipherAlgo
+ * g_mime_decrypt_result_set_cipher:
+ * @result: a #GMimeDecryptResult
+ * @cipher: a #GMimeCipherAlgo
  *
  * Set the cipher algorithm used.
  **/
 void
-g_mime_decryption_result_set_cipher (GMimeDecryptionResult *result, GMimeCryptoCipherAlgo cipher)
+g_mime_decrypt_result_set_cipher (GMimeDecryptResult *result, GMimeCipherAlgo cipher)
 {
-	g_return_if_fail (result != NULL);
+	g_return_if_fail (GMIME_IS_DECRYPT_RESULT (result));
 	
 	result->cipher = cipher;
 }
 
 
 /**
- * g_mime_decryption_result_get_cipher:
- * @result: a #GMimeDecryptionResult
+ * g_mime_decrypt_result_get_cipher:
+ * @result: a #GMimeDecryptResult
  *
  * Get the cipher algorithm used.
  *
  * Returns: the cipher algorithm used.
  **/
-GMimeCryptoCipherAlgo
-g_mime_decryption_result_get_cipher (const GMimeDecryptionResult *result)
+GMimeCipherAlgo
+g_mime_decrypt_result_get_cipher (GMimeDecryptResult *result)
 {
-	g_return_val_if_fail (result != NULL, GMIME_CRYPTO_CIPHER_ALGO_DEFAULT);
+	g_return_val_if_fail (GMIME_IS_DECRYPT_RESULT (result), GMIME_CIPHER_ALGO_DEFAULT);
 	
 	return result->cipher;
 }
 
 
 /**
- * g_mime_decryption_result_set_mdc:
- * @result: a #GMimeDecryptionResult
- * @mdc: a #GMimeCryptoHash
+ * g_mime_decrypt_result_set_mdc:
+ * @result: a #GMimeDecryptResult
+ * @mdc: a #GMimeDigestAlgo
  *
  * Set the mdc digest algorithm used.
  **/
 void
-g_mime_decryption_result_set_mdc (GMimeDecryptionResult *result, GMimeCryptoHash mdc)
+g_mime_decrypt_result_set_mdc (GMimeDecryptResult *result, GMimeDigestAlgo mdc)
 {
-	g_return_if_fail (result != NULL);
+	g_return_if_fail (GMIME_IS_DECRYPT_RESULT (result));
 	
 	result->mdc = mdc;
 }
 
 
 /**
- * g_mime_decryption_result_get_mdc:
- * @result: a #GMimeDecryptionResult
+ * g_mime_decrypt_result_get_mdc:
+ * @result: a #GMimeDecryptResult
  *
  * Get the mdc digest algorithm used.
  *
  * Returns: the mdc digest algorithm used.
  **/
-GMimeCryptoHash
-g_mime_decryption_result_get_mdc (const GMimeDecryptionResult *result)
+GMimeDigestAlgo
+g_mime_decryption_result_get_mdc (GMimeDecryptResult *result)
 {
-	g_return_val_if_fail (result != NULL, GMIME_CRYPTO_HASH_DEFAULT);
+	g_return_val_if_fail (GMIME_IS_DECRYPT_RESULT (result), GMIME_DIGEST_ALGO_DEFAULT);
 	
 	return result->mdc;
 }
diff --git a/gmime/gmime-crypto-context.h b/gmime/gmime-crypto-context.h
index c6de857..3fd5e04 100644
--- a/gmime/gmime-crypto-context.h
+++ b/gmime/gmime-crypto-context.h
@@ -22,11 +22,7 @@
 #ifndef __GMIME_CRYPTO_CONTEXT_H__
 #define __GMIME_CRYPTO_CONTEXT_H__
 
-#include <glib.h>
-#include <glib-object.h>
-
-#include <time.h>
-
+#include <gmime/gmime-signature.h>
 #include <gmime/gmime-stream.h>
 
 G_BEGIN_DECLS
@@ -38,13 +34,18 @@ G_BEGIN_DECLS
 #define GMIME_IS_CRYPTO_CONTEXT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GMIME_TYPE_CRYPTO_CONTEXT))
 #define GMIME_CRYPTO_CONTEXT_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), GMIME_TYPE_CRYPTO_CONTEXT, GMimeCryptoContextClass))
 
+#define GMIME_TYPE_DECRYPT_RESULT            (g_mime_decrypt_result_get_type ())
+#define GMIME_DECRYPT_RESULT(obj)            (G_TYPE_CHECK_INSTANCE_CAST ((obj), GMIME_TYPE_DECRYPT_RESULT, GMimeDecryptResult))
+#define GMIME_DECRYPT_RESULT_CLASS(klass)    (G_TYPE_CHECK_CLASS_CAST ((klass), GMIME_TYPE_DECRYPT_RESULT, GMimeDecryptResultClass))
+#define GMIME_IS_DECRYPT_RESULT(obj)         (G_TYPE_CHECK_INSTANCE_TYPE ((obj), GMIME_TYPE_DECRYPT_RESULT))
+#define GMIME_IS_DECRYPT_RESULT_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), GMIME_TYPE_DECRYPT_RESULT))
+#define GMIME_DECRYPT_RESULT_GET_CLASS(obj)  (G_TYPE_INSTANCE_GET_CLASS ((obj), GMIME_TYPE_DECRYPT_RESULT, GMimeDecryptResultClass))
+
 typedef struct _GMimeCryptoContext GMimeCryptoContext;
 typedef struct _GMimeCryptoContextClass GMimeCryptoContextClass;
 
-typedef struct _GMimeSigner GMimeSigner;
-typedef struct _GMimeCryptoRecipient GMimeCryptoRecipient;
-typedef struct _GMimeDecryptionResult GMimeDecryptionResult;
-typedef struct _GMimeSignatureValidity GMimeSignatureValidity;
+typedef struct _GMimeDecryptResult GMimeDecryptResult;
+typedef struct _GMimeDecryptResultClass GMimeDecryptResultClass;
 
 
 /**
@@ -66,39 +67,6 @@ typedef gboolean (* GMimePasswordRequestFunc) (GMimeCryptoContext *ctx, const ch
 
 
 /**
- * GMimeCryptoHash:
- * @GMIME_CRYPTO_HASH_DEFAULT: The default hash algorithm.
- * @GMIME_CRYPTO_HASH_MD5: The MD5 hash algorithm.
- * @GMIME_CRYPTO_HASH_SHA1: The SHA-1 hash algorithm.
- * @GMIME_CRYPTO_HASH_RIPEMD160: The RIPEMD-160 hash algorithm.
- * @GMIME_CRYPTO_HASH_MD2: The MD2 hash algorithm.
- * @GMIME_CRYPTO_HASH_TIGER192: The TIGER-192 hash algorithm.
- * @GMIME_CRYPTO_HASH_HAVAL5160: The HAVAL-5-160 hash algorithm.
- * @GMIME_CRYPTO_HASH_SHA256: The SHA-256 hash algorithm.
- * @GMIME_CRYPTO_HASH_SHA384: The SHA-384 hash algorithm.
- * @GMIME_CRYPTO_HASH_SHA512: The SHA-512 hash algorithm.
- * @GMIME_CRYPTO_HASH_SHA224: The SHA-224 hash algorithm.
- * @GMIME_CRYPTO_HASH_MD4: The MD4 hash algorithm.
- *
- * A hash algorithm.
- **/
-typedef enum {
-	GMIME_CRYPTO_HASH_DEFAULT     = 0,
-	GMIME_CRYPTO_HASH_MD5         = 1,
-	GMIME_CRYPTO_HASH_SHA1        = 2,
-	GMIME_CRYPTO_HASH_RIPEMD160   = 3,
-	GMIME_CRYPTO_HASH_MD2         = 5,
-	GMIME_CRYPTO_HASH_TIGER192    = 6,
-	GMIME_CRYPTO_HASH_HAVAL5160   = 7,
-	GMIME_CRYPTO_HASH_SHA256      = 8,
-	GMIME_CRYPTO_HASH_SHA384      = 9,
-	GMIME_CRYPTO_HASH_SHA512      = 10,
-	GMIME_CRYPTO_HASH_SHA224      = 11,
-	GMIME_CRYPTO_HASH_MD4         = 301,
-} GMimeCryptoHash;
-
-
-/**
  * GMimeCryptoContext:
  * @parent_object: parent #GObject
  * @request_passwd: a callback for requesting a password
@@ -114,9 +82,9 @@ struct _GMimeCryptoContext {
 struct _GMimeCryptoContextClass {
 	GObjectClass parent_class;
 	
-	GMimeCryptoHash          (* hash_id)     (GMimeCryptoContext *ctx, const char *hash);
+	GMimeDigestAlgo          (* digest_id)   (GMimeCryptoContext *ctx, const char *name);
 	
-	const char *             (* hash_name)   (GMimeCryptoContext *ctx, GMimeCryptoHash hash);
+	const char *             (* digest_name) (GMimeCryptoContext *ctx, GMimeDigestAlgo digest);
 	
 	const char *             (* get_signature_protocol) (GMimeCryptoContext *ctx);
 	
@@ -125,19 +93,19 @@ struct _GMimeCryptoContextClass {
 	const char *             (* get_key_exchange_protocol) (GMimeCryptoContext *ctx);
 	
 	int                      (* sign)        (GMimeCryptoContext *ctx, const char *userid,
-						  GMimeCryptoHash hash, GMimeStream *istream,
+						  GMimeDigestAlgo digest, GMimeStream *istream,
 						  GMimeStream *ostream, GError **err);
 	
-	GMimeSignatureValidity * (* verify)      (GMimeCryptoContext *ctx, GMimeCryptoHash hash,
+	GMimeSignatureList *     (* verify)      (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
 						  GMimeStream *istream, GMimeStream *sigstream,
 						  GError **err);
 	
 	int                      (* encrypt)     (GMimeCryptoContext *ctx, gboolean sign,
-						  const char *userid, GMimeCryptoHash hash,
+						  const char *userid, GMimeDigestAlgo digest,
 						  GPtrArray *recipients, GMimeStream *istream,
 						  GMimeStream *ostream, GError **err);
 	
-	GMimeDecryptionResult *  (* decrypt)     (GMimeCryptoContext *ctx, GMimeStream *istream,
+	GMimeDecryptResult *     (* decrypt)     (GMimeCryptoContext *ctx, GMimeStream *istream,
 						  GMimeStream *ostream, GError **err);
 	
 	int                      (* import_keys) (GMimeCryptoContext *ctx, GMimeStream *istream,
@@ -152,10 +120,10 @@ GType g_mime_crypto_context_get_type (void);
 
 void g_mime_crypto_context_set_request_password (GMimeCryptoContext *ctx, GMimePasswordRequestFunc request_passwd);
 
-/* hash routines */
-GMimeCryptoHash g_mime_crypto_context_hash_id (GMimeCryptoContext *ctx, const char *hash);
+/* digest algo mapping */
+GMimeDigestAlgo g_mime_crypto_context_digest_id (GMimeCryptoContext *ctx, const char *name);
 
-const char *g_mime_crypto_context_hash_name (GMimeCryptoContext *ctx, GMimeCryptoHash hash);
+const char *g_mime_crypto_context_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest);
 
 /* protocol routines */
 const char *g_mime_crypto_context_get_signature_protocol (GMimeCryptoContext *ctx);
@@ -166,20 +134,20 @@ const char *g_mime_crypto_context_get_key_exchange_protocol (GMimeCryptoContext
 
 /* crypto routines */
 int g_mime_crypto_context_sign (GMimeCryptoContext *ctx, const char *userid,
-				GMimeCryptoHash hash, GMimeStream *istream,
+				GMimeDigestAlgo digest, GMimeStream *istream,
 				GMimeStream *ostream, GError **err);
 
-GMimeSignatureValidity *g_mime_crypto_context_verify (GMimeCryptoContext *ctx, GMimeCryptoHash hash,
-						      GMimeStream *istream, GMimeStream *sigstream,
-						      GError **err);
+GMimeSignatureList *g_mime_crypto_context_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
+						  GMimeStream *istream, GMimeStream *sigstream,
+						  GError **err);
 
 int g_mime_crypto_context_encrypt (GMimeCryptoContext *ctx, gboolean sign,
-				   const char *userid, GMimeCryptoHash hash,
+				   const char *userid, GMimeDigestAlgo digest,
 				   GPtrArray *recipients, GMimeStream *istream,
 				   GMimeStream *ostream, GError **err);
 
-GMimeDecryptionResult *g_mime_crypto_context_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
-						      GMimeStream *ostream, GError **err);
+GMimeDecryptResult *g_mime_crypto_context_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
+						   GMimeStream *ostream, GError **err);
 
 /* key/certificate routines */
 int g_mime_crypto_context_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream, GError **err);
@@ -188,308 +156,77 @@ int g_mime_crypto_context_export_keys (GMimeCryptoContext *ctx, GPtrArray *keys,
 				       GMimeStream *ostream, GError **err);
 
 
-/* signature status structures and functions */
-
-/**
- * GMimeCryptoPubKeyAlgo:
- * @GMIME_CRYPTO_PUBKEY_ALGO_DEFAULT: The default public-key algorithm.
- * @GMIME_CRYPTO_PUBKEY_ALGO_RSA: The RSA algorithm.
- * @GMIME_CRYPTO_PUBKEY_ALGO_RSA_E: An encryption-only RSA algorithm.
- * @GMIME_CRYPTO_PUBKEY_ALGO_RSA_S: A signature-only RSA algorithm.
- * @GMIME_CRYPTO_PUBKEY_ALGO_ELG_E: An encryption-only ElGamal algorithm.
- * @GMIME_CRYPTO_PUBKEY_ALGO_DSA: The DSA algorithm.
- * @GMIME_CRYPTO_PUBKEY_ALGO_ELG: The ElGamal algorithm.
- *
- * A public-key algorithm.
- **/
-typedef enum {
-	GMIME_CRYPTO_PUBKEY_ALGO_DEFAULT  = 0,
-	GMIME_CRYPTO_PUBKEY_ALGO_RSA      = 1,
-	GMIME_CRYPTO_PUBKEY_ALGO_RSA_E    = 2,
-	GMIME_CRYPTO_PUBKEY_ALGO_RSA_S    = 3,
-	GMIME_CRYPTO_PUBKEY_ALGO_ELG_E    = 16,
-	GMIME_CRYPTO_PUBKEY_ALGO_DSA      = 17,
-	GMIME_CRYPTO_PUBKEY_ALGO_ELG      = 20
-} GMimeCryptoPubKeyAlgo;
-
-
-/**
- * GMimeSignerTrust:
- * @GMIME_SIGNER_TRUST_NONE: No trust assigned.
- * @GMIME_SIGNER_TRUST_NEVER: Never trust this signer.
- * @GMIME_SIGNER_TRUST_UNDEFINED: Undefined trust for this signer.
- * @GMIME_SIGNER_TRUST_MARGINAL: Trust this signer maginally.
- * @GMIME_SIGNER_TRUST_FULLY: Trust this signer fully.
- * @GMIME_SIGNER_TRUST_ULTIMATE: Trust this signer ultimately.
- *
- * The trust value of a signer.
- **/
-typedef enum {
-	GMIME_SIGNER_TRUST_NONE,
-	GMIME_SIGNER_TRUST_NEVER,
-	GMIME_SIGNER_TRUST_UNDEFINED,
-	GMIME_SIGNER_TRUST_MARGINAL,
-	GMIME_SIGNER_TRUST_FULLY,
-	GMIME_SIGNER_TRUST_ULTIMATE
-} GMimeSignerTrust;
-
 
 /**
- * GMimeSignerStatus:
- * @GMIME_SIGNER_STATUS_GOOD: Good signature.
- * @GMIME_SIGNER_STATUS_ERROR: An error occurred.
- * @GMIME_SIGNER_STATUS_BAD: Bad signature.
- *
- * A value representing the signature status for a particular
- * #GMimeSigner.
- **/
-typedef enum {
-	GMIME_SIGNER_STATUS_GOOD,
-	GMIME_SIGNER_STATUS_ERROR,
-	GMIME_SIGNER_STATUS_BAD
-} GMimeSignerStatus;
-
-
-/**
- * GMimeSignerError:
- * @GMIME_SIGNER_ERROR_NONE: No error.
- * @GMIME_SIGNER_ERROR_EXPSIG: Expired signature.
- * @GMIME_SIGNER_ERROR_NO_PUBKEY: No public key found.
- * @GMIME_SIGNER_ERROR_EXPKEYSIG: Expired signature key.
- * @GMIME_SIGNER_ERROR_REVKEYSIG: Revoked signature key.
- * @GMIME_SIGNER_ERROR_UNSUPP_ALGO: Unsupported algorithm.
- *
- * Possible errors that a #GMimeSigner could have.
- **/
-typedef enum {
-	GMIME_SIGNER_ERROR_NONE        = 0,
-	GMIME_SIGNER_ERROR_EXPSIG      = (1 << 0),  /* expired signature */
-	GMIME_SIGNER_ERROR_NO_PUBKEY   = (1 << 1),  /* no public key */
-	GMIME_SIGNER_ERROR_EXPKEYSIG   = (1 << 2),  /* expired key */
-	GMIME_SIGNER_ERROR_REVKEYSIG   = (1 << 3),  /* revoked key */
-	GMIME_SIGNER_ERROR_UNSUPP_ALGO = (1 << 4)   /* unsupported algorithm */
-} GMimeSignerError;
-
-
-/**
- * GMimeSigner:
- * @next: Pointer to the next #GMimeSigner.
- * @status: A #GMimeSignerStatus.
- * @errors: A bitfield of #GMimeSignerError values.
- * @trust: A #GMimeSignerTrust.
- * @unused: Unused expansion bits for future use; ignore this.
- * @sig_class: Crypto-specific signature class.
- * @sig_ver: Crypto-specific signature version.
- * @pubkey_algo: The public-key algorithm used by the signer, if known.
- * @hash_algo: The hash algorithm used by the signer, if known.
- * @issuer_serial: The issuer of the certificate, if known.
- * @issuer_name: The issuer of the certificate, if known.
- * @fingerprint: A hex string representing the signer's fingerprint.
- * @sig_created: The creation date of the signature.
- * @sig_expires: The expiration date of the signature.
- * @key_created: The creation date of the signature key.
- * @key_expires: The expiration date of the signature key.
- * @keyid: The signer's key id.
- * @email: The email address of the person or entity.
- * @name: The name of the person or entity.
- *
- * A structure containing useful information about a signer.
- **/
-struct _GMimeSigner {
-	GMimeSigner *next;
-	unsigned int status:2;    /* GMimeSignerStatus */
-	unsigned int errors:6;    /* bitfield of GMimeSignerError's */
-	unsigned int trust:3;     /* GMimeSignerTrust */
-	unsigned int unused:5;    /* unused expansion bits */
-	unsigned int sig_class:8; /* crypto-specific signature class */
-	unsigned int sig_ver:8;   /* crypto-specific signature version */
-	GMimeCryptoPubKeyAlgo pubkey_algo;
-	GMimeCryptoHash hash_algo;
-	char *issuer_serial;
-	char *issuer_name;
-	char *fingerprint;
-	time_t sig_created;
-	time_t sig_expires;
-	time_t key_created;
-	time_t key_expires;
-	char *keyid;
-	char *email;
-	char *name;
-};
-
-
-GMimeSigner *g_mime_signer_new (GMimeSignerStatus status);
-void g_mime_signer_free (GMimeSigner *signer);
-
-const GMimeSigner *g_mime_signer_next (const GMimeSigner *signer);
-
-void g_mime_signer_set_status (GMimeSigner *signer, GMimeSignerStatus status);
-GMimeSignerStatus g_mime_signer_get_status (const GMimeSigner *signer);
-
-void g_mime_signer_set_errors (GMimeSigner *signer, GMimeSignerError error);
-GMimeSignerError g_mime_signer_get_errors (const GMimeSigner *signer);
-
-void g_mime_signer_set_trust (GMimeSigner *signer, GMimeSignerTrust trust);
-GMimeSignerTrust g_mime_signer_get_trust (const GMimeSigner *signer);
-
-void g_mime_signer_set_sig_class (GMimeSigner *signer, int sig_class);
-int g_mime_signer_get_sig_class (const GMimeSigner *signer);
-
-void g_mime_signer_set_sig_version (GMimeSigner *signer, int version);
-int g_mime_signer_get_sig_version (const GMimeSigner *signer);
-
-void g_mime_signer_set_pubkey_algo (GMimeSigner *signer, GMimeCryptoPubKeyAlgo pubkey_algo);
-GMimeCryptoPubKeyAlgo g_mime_signer_get_pubkey_algo (const GMimeSigner *signer);
-
-void g_mime_signer_set_hash_algo (GMimeSigner *signer, GMimeCryptoHash hash);
-GMimeCryptoHash g_mime_signer_get_hash_algo (const GMimeSigner *signer);
-
-void g_mime_signer_set_issuer_serial (GMimeSigner *signer, const char *issuer_serial);
-const char *g_mime_signer_get_issuer_serial (const GMimeSigner *signer);
-
-void g_mime_signer_set_issuer_name (GMimeSigner *signer, const char *issuer_name);
-const char *g_mime_signer_get_issuer_name (const GMimeSigner *signer);
-
-void g_mime_signer_set_fingerprint (GMimeSigner *signer, const char *fingerprint);
-const char *g_mime_signer_get_fingerprint (const GMimeSigner *signer);
-
-void g_mime_signer_set_key_id (GMimeSigner *signer, const char *key_id);
-const char *g_mime_signer_get_key_id (const GMimeSigner *signer);
-
-void g_mime_signer_set_email (GMimeSigner *signer, const char *email);
-const char *g_mime_signer_get_email (const GMimeSigner *signer);
-
-void g_mime_signer_set_name (GMimeSigner *signer, const char *name);
-const char *g_mime_signer_get_name (const GMimeSigner *signer);
-
-void g_mime_signer_set_sig_created (GMimeSigner *signer, time_t created);
-time_t g_mime_signer_get_sig_created (const GMimeSigner *signer);
-
-void g_mime_signer_set_sig_expires (GMimeSigner *signer, time_t expires);
-time_t g_mime_signer_get_sig_expires (const GMimeSigner *signer);
-
-void g_mime_signer_set_key_created (GMimeSigner *signer, time_t created);
-time_t g_mime_signer_get_key_created (const GMimeSigner *signer);
-
-void g_mime_signer_set_key_expires (GMimeSigner *signer, time_t expires);
-time_t g_mime_signer_get_key_expires (const GMimeSigner *signer);
-
-
-/**
- * GMimeSignatureValidity:
- * @signers: A list of #GMimeSigner structures.
- * @details: A string containing more user-readable details.
- *
- * A structure containing information about the signature validity of
- * a signed stream.
- **/
-struct _GMimeSignatureValidity {
-	GMimeSigner *signers;
-	char *details;
-};
-
-
-GMimeSignatureValidity *g_mime_signature_validity_new (void);
-void g_mime_signature_validity_free (GMimeSignatureValidity *validity);
-
-void g_mime_signature_validity_set_details (GMimeSignatureValidity *validity, const char *details);
-const char *g_mime_signature_validity_get_details (const GMimeSignatureValidity *validity);
-
-const GMimeSigner *g_mime_signature_validity_get_signers (const GMimeSignatureValidity *validity);
-void g_mime_signature_validity_add_signer (GMimeSignatureValidity *validity, GMimeSigner *signer);
-
-
-
-/**
- * GMimeCryptoRecipient:
- * @next: Pointer to the next #GMimeCryptoRecipient.
- * @pubkey_algo: The public-key algorithm used by the recipient, if known.
- * @keyid: The recipient's key id.
- *
- * A structure containing useful information about a recipient.
- **/
-struct _GMimeCryptoRecipient {
-	GMimeCryptoRecipient *next;
-	GMimeCryptoPubKeyAlgo pubkey_algo;
-	char *keyid;
-};
-
-
-GMimeCryptoRecipient *g_mime_crypto_recipient_new (void);
-void g_mime_crypto_recipient_free (GMimeCryptoRecipient *recipient);
-
-const GMimeCryptoRecipient *g_mime_crypto_recipient_next (const GMimeCryptoRecipient *recipient);
-
-void g_mime_crypto_recipient_set_pubkey_algo (GMimeCryptoRecipient *recipient, GMimeCryptoPubKeyAlgo pubkey_algo);
-GMimeCryptoPubKeyAlgo g_mime_crypto_recipient_get_pubkey_algo (const GMimeCryptoRecipient *recipient);
-
-void g_mime_crypto_recipient_set_key_id (GMimeCryptoRecipient *recipient, const char *key_id);
-const char *g_mime_crypto_recipient_get_key_id (const GMimeCryptoRecipient *recipient);
-
-
-/**
- * GMimeCryptoCipherAlgo:
- * @GMIME_CRYPTO_CIPHER_ALGO_DEFAULT: The default (or unknown) cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_IDEA: The IDEA cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_3DES: The 3DES cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_CAST5: The CAST5 cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_BLOWFISH: The Blowfish cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_AES: The AES (aka RIJANDALE) cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_AES192: The AES-192 cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_AES256: The AES-256 cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_TWOFISH: The Twofish cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_CAMELLIA128: The Camellia-128 cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_CAMELLIA196: The Camellia-196 cipher.
- * @GMIME_CRYPTO_CIPHER_ALGO_CAMELLIA256: The Camellia-256 cipher.
+ * GMimeCipherAlgo:
+ * @GMIME_CIPHER_ALGO_DEFAULT: The default (or unknown) cipher.
+ * @GMIME_CIPHER_ALGO_IDEA: The IDEA cipher.
+ * @GMIME_CIPHER_ALGO_3DES: The 3DES cipher.
+ * @GMIME_CIPHER_ALGO_CAST5: The CAST5 cipher.
+ * @GMIME_CIPHER_ALGO_BLOWFISH: The Blowfish cipher.
+ * @GMIME_CIPHER_ALGO_AES: The AES (aka RIJANDALE) cipher.
+ * @GMIME_CIPHER_ALGO_AES192: The AES-192 cipher.
+ * @GMIME_CIPHER_ALGO_AES256: The AES-256 cipher.
+ * @GMIME_CIPHER_ALGO_TWOFISH: The Twofish cipher.
+ * @GMIME_CIPHER_ALGO_CAMELLIA128: The Camellia-128 cipher.
+ * @GMIME_CIPHER_ALGO_CAMELLIA196: The Camellia-196 cipher.
+ * @GMIME_CIPHER_ALGO_CAMELLIA256: The Camellia-256 cipher.
  *
  * A cipher algorithm.
  **/
 typedef enum {
-	GMIME_CRYPTO_CIPHER_ALGO_DEFAULT     = 0,
-	GMIME_CRYPTO_CIPHER_ALGO_IDEA        = 1,
-	GMIME_CRYPTO_CIPHER_ALGO_3DES        = 2,
-	GMIME_CRYPTO_CIPHER_ALGO_CAST5       = 3,
-	GMIME_CRYPTO_CIPHER_ALGO_BLOWFISH    = 4,
-	GMIME_CRYPTO_CIPHER_ALGO_AES         = 7,
-	GMIME_CRYPTO_CIPHER_ALGO_AES192      = 8,
-	GMIME_CRYPTO_CIPHER_ALGO_AES256      = 9,
-	GMIME_CRYPTO_CIPHER_ALGO_TWOFISH     = 10,
-	GMIME_CRYPTO_CIPHER_ALGO_CAMELLIA128 = 11,
-	GMIME_CRYPTO_CIPHER_ALGO_CAMELLIA196 = 12,
-	GMIME_CRYPTO_CIPHER_ALGO_CAMELLIA256 = 13
-} GMimeCryptoCipherAlgo;
+	GMIME_CIPHER_ALGO_DEFAULT     = 0,
+	GMIME_CIPHER_ALGO_IDEA        = 1,
+	GMIME_CIPHER_ALGO_3DES        = 2,
+	GMIME_CIPHER_ALGO_CAST5       = 3,
+	GMIME_CIPHER_ALGO_BLOWFISH    = 4,
+	GMIME_CIPHER_ALGO_AES         = 7,
+	GMIME_CIPHER_ALGO_AES192      = 8,
+	GMIME_CIPHER_ALGO_AES256      = 9,
+	GMIME_CIPHER_ALGO_TWOFISH     = 10,
+	GMIME_CIPHER_ALGO_CAMELLIA128 = 11,
+	GMIME_CIPHER_ALGO_CAMELLIA196 = 12,
+	GMIME_CIPHER_ALGO_CAMELLIA256 = 13
+} GMimeCipherAlgo;
 
 /**
- * GMimeDecryptionResult:
- * @validity: A #GMimeSignatureValidity if signed or %NULL otherwise.
- * @recipients: A list of #GMimeCryptoRecipient structures.
+ * GMimeDecryptResult:
+ * @recipients: A #GMimeCertificateList
+ * @signatures: A #GMimeSignatureList if signed or %NULL otherwise.
  * @cipher: The cipher algorithm used to encrypt the stream.
  * @mdc: The MDC digest algorithm used, if any.
  *
- * A structure containing the results from decrypting an encrypted stream.
+ * An object containing the results from decrypting an encrypted stream.
  **/
-struct _GMimeDecryptionResult {
-	GMimeSignatureValidity *validity;
-	GMimeCryptoRecipient *recipients;
-	GMimeCryptoCipherAlgo cipher;
-	GMimeCryptoHash mdc;
+struct _GMimeDecryptResult {
+	GObject parent_object;
+	
+	GMimeCertificateList *recipients;
+	GMimeSignatureList *signatures;
+	GMimeCipherAlgo cipher;
+	GMimeDigestAlgo mdc;
+};
+
+struct _GMimeDecryptResultClass {
+	GObjectClass parent_class;
+	
 };
 
+GType g_mime_decrypt_result_get_type (void);
 
-GMimeDecryptionResult *g_mime_decryption_result_new (void);
-void g_mime_decryption_result_free (GMimeDecryptionResult *result);
+GMimeDecryptResult *g_mime_decrypt_result_new (void);
 
-void g_mime_decryption_result_set_validity (GMimeDecryptionResult *result, GMimeSignatureValidity *validity);
-const GMimeSignatureValidity *g_mime_decryption_result_get_validity (const GMimeDecryptionResult *result);
+void g_mime_decrypt_result_set_recipients (GMimeDecryptResult *result, GMimeCertificateList *recipients);
+GMimeCertificateList *g_mime_decrypt_result_get_recipients (GMimeDecryptResult *result);
 
-void g_mime_decryption_result_add_recipient (GMimeDecryptionResult *result, GMimeCryptoRecipient *recipient);
-const GMimeCryptoRecipient *g_mime_decryption_result_get_recipients (const GMimeDecryptionResult *result);
+void g_mime_decrypt_result_set_signatures (GMimeDecryptResult *result, GMimeSignatureList *signatures);
+GMimeSignatureList *g_mime_decrypt_result_get_signatures (GMimeDecryptResult *result);
 
-void g_mime_decryption_result_set_cipher (GMimeDecryptionResult *result, GMimeCryptoCipherAlgo cipher);
-GMimeCryptoCipherAlgo g_mime_decryption_result_get_cipher (const GMimeDecryptionResult *result);
+void g_mime_decrypt_result_set_cipher (GMimeDecryptResult *result, GMimeCipherAlgo cipher);
+GMimeCipherAlgo g_mime_decrypt_result_get_cipher (GMimeDecryptResult *result);
 
-void g_mime_decryption_result_set_mdc (GMimeDecryptionResult *result, GMimeCryptoHash mdc);
-GMimeCryptoHash g_mime_decryption_result_get_mdc (const GMimeDecryptionResult *result);
+void g_mime_decrypt_result_set_mdc (GMimeDecryptResult *result, GMimeDigestAlgo mdc);
+GMimeDigestAlgo g_mime_decrypt_result_get_mdc (GMimeDecryptResult *result);
 
 G_END_DECLS
 
diff --git a/gmime/gmime-gpg-context.c b/gmime/gmime-gpg-context.c
index 217e60c..4d7cb47 100644
--- a/gmime/gmime-gpg-context.c
+++ b/gmime/gmime-gpg-context.c
@@ -74,12 +74,12 @@ static void g_mime_gpg_context_class_init (GMimeGpgContextClass *klass);
 static void g_mime_gpg_context_init (GMimeGpgContext *ctx, GMimeGpgContextClass *klass);
 static void g_mime_gpg_context_finalize (GObject *object);
 
-static GMimeCryptoHash gpg_hash_id (GMimeCryptoContext *ctx, const char *hash);
+static GMimeDigestAlgo gpg_digest_id (GMimeCryptoContext *ctx, const char *name);
 
-static const char *gpg_hash_name (GMimeCryptoContext *ctx, GMimeCryptoHash hash);
+static const char *gpg_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest);
 
 static int gpg_sign (GMimeCryptoContext *ctx, const char *userid,
-		     GMimeCryptoHash hash, GMimeStream *istream,
+		     GMimeDigestAlgo digest, GMimeStream *istream,
 		     GMimeStream *ostream, GError **err);
 
 static const char *gpg_get_signature_protocol (GMimeCryptoContext *ctx);
@@ -88,16 +88,16 @@ static const char *gpg_get_encryption_protocol (GMimeCryptoContext *ctx);
 
 static const char *gpg_get_key_exchange_protocol (GMimeCryptoContext *ctx);
 
-static GMimeSignatureValidity *gpg_verify (GMimeCryptoContext *ctx, GMimeCryptoHash hash,
-					   GMimeStream *istream, GMimeStream *sigstream,
-					   GError **err);
+static GMimeSignatureList *gpg_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
+				       GMimeStream *istream, GMimeStream *sigstream,
+				       GError **err);
 
 static int gpg_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid,
-			GMimeCryptoHash hash, GPtrArray *recipients, GMimeStream *istream,
+			GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
 			GMimeStream *ostream, GError **err);
 
-static GMimeDecryptionResult *gpg_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
-					   GMimeStream *ostream, GError **err);
+static GMimeDecryptResult *gpg_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
+					GMimeStream *ostream, GError **err);
 
 static int gpg_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream,
 			    GError **err);
@@ -144,8 +144,8 @@ g_mime_gpg_context_class_init (GMimeGpgContextClass *klass)
 	
 	object_class->finalize = g_mime_gpg_context_finalize;
 	
-	crypto_class->hash_id = gpg_hash_id;
-	crypto_class->hash_name = gpg_hash_name;
+	crypto_class->digest_id = gpg_digest_id;
+	crypto_class->digest_name = gpg_digest_name;
 	crypto_class->sign = gpg_sign;
 	crypto_class->verify = gpg_verify;
 	crypto_class->encrypt = gpg_encrypt;
@@ -177,66 +177,66 @@ g_mime_gpg_context_finalize (GObject *object)
 	G_OBJECT_CLASS (parent_class)->finalize (object);
 }
 
-static GMimeCryptoHash
-gpg_hash_id (GMimeCryptoContext *ctx, const char *hash)
+static GMimeDigestAlgo
+gpg_digest_id (GMimeCryptoContext *ctx, const char *name)
 {
-	if (hash == NULL)
-		return GMIME_CRYPTO_HASH_DEFAULT;
-	
-	if (!g_ascii_strcasecmp (hash, "pgp-"))
-		hash += 4;
-	
-	if (!g_ascii_strcasecmp (hash, "md2"))
-		return GMIME_CRYPTO_HASH_MD2;
-	else if (!g_ascii_strcasecmp (hash, "md4"))
-		return GMIME_CRYPTO_HASH_MD4;
-	else if (!g_ascii_strcasecmp (hash, "md5"))
-		return GMIME_CRYPTO_HASH_MD5;
-	else if (!g_ascii_strcasecmp (hash, "sha1"))
-		return GMIME_CRYPTO_HASH_SHA1;
-	else if (!g_ascii_strcasecmp (hash, "sha224"))
-		return GMIME_CRYPTO_HASH_SHA224;
-	else if (!g_ascii_strcasecmp (hash, "sha256"))
-		return GMIME_CRYPTO_HASH_SHA256;
-	else if (!g_ascii_strcasecmp (hash, "sha384"))
-		return GMIME_CRYPTO_HASH_SHA384;
-	else if (!g_ascii_strcasecmp (hash, "sha512"))
-		return GMIME_CRYPTO_HASH_SHA512;
-	else if (!g_ascii_strcasecmp (hash, "ripemd160"))
-		return GMIME_CRYPTO_HASH_RIPEMD160;
-	else if (!g_ascii_strcasecmp (hash, "tiger192"))
-		return GMIME_CRYPTO_HASH_TIGER192;
-	else if (!g_ascii_strcasecmp (hash, "haval-5-160"))
-		return GMIME_CRYPTO_HASH_HAVAL5160;
-	
-	return GMIME_CRYPTO_HASH_DEFAULT;
+	if (name == NULL)
+		return GMIME_DIGEST_ALGO_DEFAULT;
+	
+	if (!g_ascii_strcasecmp (name, "pgp-"))
+		name += 4;
+	
+	if (!g_ascii_strcasecmp (name, "md2"))
+		return GMIME_DIGEST_ALGO_MD2;
+	else if (!g_ascii_strcasecmp (name, "md4"))
+		return GMIME_DIGEST_ALGO_MD4;
+	else if (!g_ascii_strcasecmp (name, "md5"))
+		return GMIME_DIGEST_ALGO_MD5;
+	else if (!g_ascii_strcasecmp (name, "sha1"))
+		return GMIME_DIGEST_ALGO_SHA1;
+	else if (!g_ascii_strcasecmp (name, "sha224"))
+		return GMIME_DIGEST_ALGO_SHA224;
+	else if (!g_ascii_strcasecmp (name, "sha256"))
+		return GMIME_DIGEST_ALGO_SHA256;
+	else if (!g_ascii_strcasecmp (name, "sha384"))
+		return GMIME_DIGEST_ALGO_SHA384;
+	else if (!g_ascii_strcasecmp (name, "sha512"))
+		return GMIME_DIGEST_ALGO_SHA512;
+	else if (!g_ascii_strcasecmp (name, "ripemd160"))
+		return GMIME_DIGEST_ALGO_RIPEMD160;
+	else if (!g_ascii_strcasecmp (name, "tiger192"))
+		return GMIME_DIGEST_ALGO_TIGER192;
+	else if (!g_ascii_strcasecmp (name, "haval-5-160"))
+		return GMIME_DIGEST_ALGO_HAVAL5160;
+	
+	return GMIME_DIGEST_ALGO_DEFAULT;
 }
 
 static const char *
-gpg_hash_name (GMimeCryptoContext *ctx, GMimeCryptoHash hash)
+gpg_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest)
 {
-	switch (hash) {
-	case GMIME_CRYPTO_HASH_MD2:
+	switch (digest) {
+	case GMIME_DIGEST_ALGO_MD2:
 		return "pgp-md2";
-	case GMIME_CRYPTO_HASH_MD4:
+	case GMIME_DIGEST_ALGO_MD4:
 		return "pgp-md4";
-	case GMIME_CRYPTO_HASH_MD5:
+	case GMIME_DIGEST_ALGO_MD5:
 		return "pgp-md5";
-	case GMIME_CRYPTO_HASH_SHA1:
+	case GMIME_DIGEST_ALGO_SHA1:
 		return "pgp-sha1";
-	case GMIME_CRYPTO_HASH_SHA224:
+	case GMIME_DIGEST_ALGO_SHA224:
 		return "pgp-sha224";
-	case GMIME_CRYPTO_HASH_SHA256:
+	case GMIME_DIGEST_ALGO_SHA256:
 		return "pgp-sha256";
-	case GMIME_CRYPTO_HASH_SHA384:
+	case GMIME_DIGEST_ALGO_SHA384:
 		return "pgp-sha384";
-	case GMIME_CRYPTO_HASH_SHA512:
+	case GMIME_DIGEST_ALGO_SHA512:
 		return "pgp-sha512";
-	case GMIME_CRYPTO_HASH_RIPEMD160:
+	case GMIME_DIGEST_ALGO_RIPEMD160:
 		return "pgp-ripemd160";
-	case GMIME_CRYPTO_HASH_TIGER192:
+	case GMIME_DIGEST_ALGO_TIGER192:
 		return "pgp-tiger192";
-	case GMIME_CRYPTO_HASH_HAVAL5160:
+	case GMIME_DIGEST_ALGO_HAVAL5160:
 		return "pgp-haval-5-160";
 	default:
 		return "pgp-sha1";
@@ -279,8 +279,8 @@ struct _GpgCtx {
 	
 	char *userid;
 	GPtrArray *recipients;
-	GMimeCryptoCipherAlgo cipher;
-	GMimeCryptoHash hash;
+	GMimeCipherAlgo cipher;
+	GMimeDigestAlgo digest;
 	
 	int stdin_fd;
 	int stdout_fd;
@@ -302,11 +302,9 @@ struct _GpgCtx {
 	GByteArray *diag;
 	GMimeStream *diagnostics;
 	
-	GMimeCryptoRecipient *encrypted_to;  /* full list of encrypted-to recipients */
-	GMimeCryptoRecipient *enc_to;        /* most recent recipient (tail pointer) */
-	
-	GMimeSigner *signers;
-	GMimeSigner *signer;
+	GMimeCertificateList *encrypted_to;  /* full list of encrypted-to recipients */
+	GMimeSignatureList *signatures;
+	GMimeSignature *signature;
 	
 	int exit_status;
 	
@@ -345,8 +343,8 @@ gpg_ctx_new (GMimeGpgContext *ctx)
 	
 	gpg->userid = NULL;
 	gpg->recipients = NULL;
-	gpg->cipher = GMIME_CRYPTO_CIPHER_ALGO_DEFAULT;
-	gpg->hash = GMIME_CRYPTO_HASH_DEFAULT;
+	gpg->cipher = GMIME_CIPHER_ALGO_DEFAULT;
+	gpg->digest = GMIME_DIGEST_ALGO_DEFAULT;
 	gpg->always_trust = FALSE;
 	gpg->armor = FALSE;
 	
@@ -365,10 +363,8 @@ gpg_ctx_new (GMimeGpgContext *ctx)
 	gpg->need_id = NULL;
 	
 	gpg->encrypted_to = NULL;
-	gpg->enc_to = (GMimeCryptoRecipient *) &gpg->encrypted_to;
-	
-	gpg->signers = NULL;
-	gpg->signer = (GMimeSigner *) &gpg->signers;
+	gpg->signatures = NULL;
+	gpg->signature = NULL;
 	
 	gpg->sigstream = NULL;
 	gpg->istream = NULL;
@@ -408,9 +404,9 @@ gpg_ctx_set_mode (struct _GpgCtx *gpg, enum _GpgCtxMode mode)
 }
 
 static void
-gpg_ctx_set_hash (struct _GpgCtx *gpg, GMimeCryptoHash hash)
+gpg_ctx_set_digest (struct _GpgCtx *gpg, GMimeDigestAlgo digest)
 {
-	gpg->hash = hash;
+	gpg->digest = digest;
 }
 
 static void
@@ -489,8 +485,6 @@ gpg_ctx_get_diagnostics (struct _GpgCtx *gpg)
 static void
 gpg_ctx_free (struct _GpgCtx *gpg)
 {
-	GMimeCryptoRecipient *recipient, *nr;
-	GMimeSigner *signer, *ns;
 	guint i;
 	
 	g_hash_table_destroy (gpg->userid_hint);
@@ -530,46 +524,38 @@ gpg_ctx_free (struct _GpgCtx *gpg)
 	
 	g_object_unref (gpg->diagnostics);
 	
-	recipient = gpg->encrypted_to;
-	while (recipient != NULL) {
-		nr = recipient->next;
-		g_mime_crypto_recipient_free (recipient);
-		recipient = nr;
-	}
+	if (gpg->encrypted_to)
+		g_object_unref (gpg->encrypted_to);
 	
-	signer = gpg->signers;
-	while (signer != NULL) {
-		ns = signer->next;
-		g_mime_signer_free (signer);
-		signer = ns;
-	}
+	if (gpg->signatures)
+		g_object_unref (gpg->signatures);
 	
 	g_slice_free (struct _GpgCtx, gpg);
 }
 
 static const char *
-gpg_hash_str (GMimeCryptoHash hash)
+gpg_digest_str (GMimeDigestAlgo digest)
 {
-	switch (hash) {
-	case GMIME_CRYPTO_HASH_MD2:
+	switch (digest) {
+	case GMIME_DIGEST_ALGO_MD2:
 		return "--digest-algo=MD2";
-	case GMIME_CRYPTO_HASH_MD5:
+	case GMIME_DIGEST_ALGO_MD5:
 		return "--digest-algo=MD5";
-	case GMIME_CRYPTO_HASH_SHA1:
+	case GMIME_DIGEST_ALGO_SHA1:
 		return "--digest-algo=SHA1";
-	case GMIME_CRYPTO_HASH_SHA224:
+	case GMIME_DIGEST_ALGO_SHA224:
 		return "--digest-algo=SHA224";
-	case GMIME_CRYPTO_HASH_SHA256:
+	case GMIME_DIGEST_ALGO_SHA256:
 		return "--digest-algo=SHA256";
-	case GMIME_CRYPTO_HASH_SHA384:
+	case GMIME_DIGEST_ALGO_SHA384:
 		return "--digest-algo=SHA384";
-	case GMIME_CRYPTO_HASH_SHA512:
+	case GMIME_DIGEST_ALGO_SHA512:
 		return "--digest-algo=SHA512";
-	case GMIME_CRYPTO_HASH_RIPEMD160:
+	case GMIME_DIGEST_ALGO_RIPEMD160:
 		return "--digest-algo=RIPEMD160";
-	case GMIME_CRYPTO_HASH_TIGER192:
+	case GMIME_DIGEST_ALGO_TIGER192:
 		return "--digest-algo=TIGER192";
-	case GMIME_CRYPTO_HASH_MD4:
+	case GMIME_DIGEST_ALGO_MD4:
 		return "--digest-algo=MD4";
 	default:
 		return NULL;
@@ -579,7 +565,7 @@ gpg_hash_str (GMimeCryptoHash hash)
 static char **
 gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, int secret_fd, char ***strv)
 {
-	const char *hash_str;
+	const char *digest_str;
 	char **argv, *buf;
 	GPtrArray *args;
 	int v = 0;
@@ -619,8 +605,8 @@ gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, int secret_fd, char ***str
 		g_ptr_array_add (args, "--detach");
 		if (gpg->armor)
 			g_ptr_array_add (args, "--armor");
-		if ((hash_str = gpg_hash_str (gpg->hash)))
-			g_ptr_array_add (args, (char *) hash_str);
+		if ((digest_str = gpg_digest_str (gpg->digest)))
+			g_ptr_array_add (args, (char *) digest_str);
 		if (gpg->userid) {
 			g_ptr_array_add (args, "-u");
 			g_ptr_array_add (args, (char *) gpg->userid);
@@ -648,8 +634,8 @@ gpg_ctx_get_argv (struct _GpgCtx *gpg, int status_fd, int secret_fd, char ***str
 	case GPG_CTX_MODE_SIGN_ENCRYPT:
 		g_ptr_array_add (args, "--sign");
 		
-		if ((hash_str = gpg_hash_str (gpg->hash)))
-			g_ptr_array_add (args, (char *) hash_str);
+		if ((digest_str = gpg_digest_str (gpg->digest)))
+			g_ptr_array_add (args, (char *) digest_str);
 		
 		/* fall thru... */
 	case GPG_CTX_MODE_ENCRYPT:
@@ -830,93 +816,97 @@ next_token (char *in, char **token)
 }
 
 /**
- * gpg_ctx_add_signer:
+ * gpg_ctx_add_signature:
  * @gpg: GnuPG context
- * @status: a #GMimeSignerStatus
- * @info: a string with the signer's info
+ * @status: a #GMimeSignatureStatus
+ * @info: a string with the signature info
  *
  * Parses GOODSIG, BADSIG, EXPSIG, EXPKEYSIG, and REVKEYSIG status messages
- * into a newly allocated #GMimeSigner and adds it to @gpg's signer list.
- *
- * Returns: the newly added signer for the caller to add more info to.
+ * into a newly allocated #GMimeSignature and adds it to @gpg's signature list.
  **/
-static GMimeSigner *
-gpg_ctx_add_signer (struct _GpgCtx *gpg, GMimeSignerStatus status, char *info)
+static void
+gpg_ctx_add_signature (struct _GpgCtx *gpg, GMimeSignatureStatus status, char *info)
 {
-	GMimeSigner *signer;
+	GMimeSignature *sig;
+	
+	if (!gpg->signatures)
+		gpg->signatures = g_mime_signature_list_new ();
 	
-	signer = g_mime_signer_new (status);
-	gpg->signer->next = signer;
-	gpg->signer = signer;
+	gpg->signature = sig = g_mime_signature_new ();
+	g_mime_signature_set_status (sig, status);
+	g_mime_signature_list_add (gpg->signatures, sig);
+	g_object_unref (sig);
 	
 	/* get the key id of the signer */
-	info = next_token (info, &signer->keyid);
+	info = next_token (info, &sig->cert->keyid);
 	
 	/* the rest of the string is the signer's name */
-	signer->name = g_strdup (info);
-	
-	return signer;
+	sig->cert->name = g_strdup (info);
 }
 
 static void
 gpg_ctx_parse_signer_info (struct _GpgCtx *gpg, char *status)
 {
-	GMimeSigner *signer;
+	GMimeSignature *sig;
 	char *inend;
 	
 	if (!strncmp (status, "SIG_ID ", 7)) {
 		/* not sure if this contains anything we care about... */
 	} else if (!strncmp (status, "GOODSIG ", 8)) {
-		gpg_ctx_add_signer (gpg, GMIME_SIGNER_STATUS_GOOD, status + 8);
+		gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_GOOD, status + 8);
 	} else if (!strncmp (status, "BADSIG ", 7)) {
-		gpg_ctx_add_signer (gpg, GMIME_SIGNER_STATUS_BAD, status + 7);
+		gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_BAD, status + 7);
 	} else if (!strncmp (status, "EXPSIG ", 7)) {
-		signer = gpg_ctx_add_signer (gpg, GMIME_SIGNER_STATUS_ERROR, status + 7);
-		signer->errors |= GMIME_SIGNER_ERROR_EXPSIG;
+		gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_ERROR, status + 7);
+		gpg->signature->errors |= GMIME_SIGNATURE_ERROR_EXPSIG;
 	} else if (!strncmp (status, "EXPKEYSIG ", 10)) {
-		signer = gpg_ctx_add_signer (gpg, GMIME_SIGNER_STATUS_ERROR, status + 10);
-		signer->errors |= GMIME_SIGNER_ERROR_EXPKEYSIG;
+		gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_ERROR, status + 10);
+		gpg->signature->errors |= GMIME_SIGNATURE_ERROR_EXPKEYSIG;
 	} else if (!strncmp (status, "REVKEYSIG ", 10)) {
-		signer = gpg_ctx_add_signer (gpg, GMIME_SIGNER_STATUS_ERROR, status + 10);
-		signer->errors |= GMIME_SIGNER_ERROR_REVKEYSIG;
+		gpg_ctx_add_signature (gpg, GMIME_SIGNATURE_STATUS_ERROR, status + 10);
+		gpg->signature->errors |= GMIME_SIGNATURE_ERROR_REVKEYSIG;
 	} else if (!strncmp (status, "ERRSIG ", 7)) {
 		/* Note: NO_PUBKEY often comes after an ERRSIG */
 		status += 7;
 		
-		signer = g_mime_signer_new (GMIME_SIGNER_STATUS_ERROR);
-		gpg->signer->next = signer;
-		gpg->signer = signer;
+		if (!gpg->signatures)
+			gpg->signatures = g_mime_signature_list_new ();
+		
+		gpg->signature = sig = g_mime_signature_new ();
+		g_mime_signature_set_status (sig, GMIME_SIGNATURE_STATUS_ERROR);
+		g_mime_signature_list_add (gpg->signatures, sig);
+		g_object_unref (sig);
 		
 		/* get the key id of the signer */
-		status = next_token (status, &signer->keyid);
+		status = next_token (status, &sig->cert->keyid);
 		
 		/* the second token is the public-key algorithm id */
-		signer->pubkey_algo = strtoul (status, &inend, 10);
+		sig->cert->pubkey_algo = strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ')
 			return;
 		
 		status = inend + 1;
 		
-		/* the third token is the hash algorithm id */
-		signer->hash_algo = strtoul (status, &inend, 10);
+		/* the third token is the digest algorithm id */
+		sig->cert->digest_algo = strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ')
 			return;
 		
 		status = inend + 1;
 		
 		/* the fourth token is the signature class */
-		signer->sig_class = strtoul (status, &inend, 10);
+		/*sig->sig_class =*/ strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ') {
-			signer->sig_class = 0;
+			/*signer->sig_class = 0;*/
 			return;
 		}
 		
 		status = inend + 1;
 		
 		/* the fifth token is the signature expiration date (or 0 for never) */
-		signer->sig_expires = strtoul (status, &inend, 10);
+		sig->expires = strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ') {
-			signer->sig_expires = 0;
+			sig->expires = 0;
 			return;
 		}
 		
@@ -924,45 +914,45 @@ gpg_ctx_parse_signer_info (struct _GpgCtx *gpg, char *status)
 		
 		/* the sixth token is the return code */
 		switch (strtol (status, NULL, 10)) {
-		case 4: signer->errors |= GMIME_SIGNER_ERROR_UNSUPP_ALGO; break;
-		case 9: signer->errors |= GMIME_SIGNER_ERROR_NO_PUBKEY; break;
+		case 4: sig->errors |= GMIME_SIGNATURE_ERROR_UNSUPP_ALGO; break;
+		case 9: sig->errors |= GMIME_SIGNATURE_ERROR_NO_PUBKEY; break;
 		default: break;
 		}
 	} else if (!strncmp (status, "NO_PUBKEY ", 10)) {
 		/* the only token is the keyid, but we've already got it */
-		gpg->signer->errors |= GMIME_SIGNER_ERROR_NO_PUBKEY;
+		gpg->signature->errors |= GMIME_SIGNATURE_ERROR_NO_PUBKEY;
 	} else if (!strncmp (status, "VALIDSIG ", 9)) {
-		signer = gpg->signer;
+		sig = gpg->signature;
 		status += 9;
 		
 		/* the first token is the fingerprint */
-		status = next_token (status, &signer->fingerprint);
+		status = next_token (status, &sig->cert->fingerprint);
 		
 		/* the second token is the date the stream was signed YYYY-MM-DD */
 		status = next_token (status, NULL);
 		
 		/* the third token is the signature creation date (or 0 for unknown?) */
-		signer->sig_created = strtoul (status, &inend, 10);
+		sig->created = strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ') {
-			signer->sig_created = 0;
+			sig->created = 0;
 			return;
 		}
 		
 		status = inend + 1;
 		
 		/* the fourth token is the signature expiration date (or 0 for never) */
-		signer->sig_expires = strtoul (status, &inend, 10);
+		sig->expires = strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ') {
-			signer->sig_expires = 0;
+			sig->expires = 0;
 			return;
 		}
 		
 		status = inend + 1;
 		
 		/* the fifth token is the signature version */
-		signer->sig_ver = strtoul (status, &inend, 10);
+		/*sig->sig_ver =*/ strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ') {
-			signer->sig_ver = 0;
+			/*signer->sig_ver = 0;*/
 			return;
 		}
 		
@@ -972,23 +962,23 @@ gpg_ctx_parse_signer_info (struct _GpgCtx *gpg, char *status)
 		status = next_token (status, NULL);
 		
 		/* the seventh token is the public-key algorithm id */
-		signer->pubkey_algo = strtoul (status, &inend, 10);
+		sig->cert->pubkey_algo = strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ')
 			return;
 		
 		status = inend + 1;
 		
-		/* the eighth token is the hash algorithm id */
-		signer->hash_algo = strtoul (status, &inend, 10);
+		/* the eighth token is the digest algorithm id */
+		sig->cert->digest_algo = strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ')
 			return;
 		
 		status = inend + 1;
 		
 		/* the nineth token is the signature class */
-		signer->sig_class = strtoul (status, &inend, 10);
+		/*sig->sig_class =*/ strtoul (status, &inend, 10);
 		if (inend == status || *inend != ' ') {
-			signer->sig_class = 0;
+			/*sig->sig_class = 0;*/
 			return;
 		}
 		
@@ -998,17 +988,17 @@ gpg_ctx_parse_signer_info (struct _GpgCtx *gpg, char *status)
 	} else if (!strncmp (status, "TRUST_", 6)) {
 		status += 6;
 		
-		signer = gpg->signer;
+		sig = gpg->signature;
 		if (!strncmp (status, "NEVER", 5)) {
-			signer->trust = GMIME_SIGNER_TRUST_NEVER;
+			sig->cert->trust = GMIME_CERTIFICATE_TRUST_NEVER;
 		} else if (!strncmp (status, "MARGINAL", 8)) {
-			signer->trust = GMIME_SIGNER_TRUST_MARGINAL;
+			sig->cert->trust = GMIME_CERTIFICATE_TRUST_MARGINAL;
 		} else if (!strncmp (status, "FULLY", 5)) {
-			signer->trust = GMIME_SIGNER_TRUST_FULLY;
+			sig->cert->trust = GMIME_CERTIFICATE_TRUST_FULLY;
 		} else if (!strncmp (status, "ULTIMATE", 8)) {
-			signer->trust = GMIME_SIGNER_TRUST_ULTIMATE;
+			sig->cert->trust = GMIME_CERTIFICATE_TRUST_ULTIMATE;
 		} else if (!strncmp (status, "UNDEFINED", 9)) {
-			signer->trust = GMIME_SIGNER_TRUST_UNDEFINED;
+			sig->cert->trust = GMIME_CERTIFICATE_TRUST_UNDEFINED;
 		}
 	}
 }
@@ -1211,7 +1201,7 @@ gpg_ctx_parse_status (struct _GpgCtx *gpg, GError **err)
 		
 		return -1;
 	} else {
-		GMimeCryptoRecipient *recipient;
+		GMimeCertificate *cert;
 		char *inend;
 		
 		switch (gpg->mode) {
@@ -1227,8 +1217,8 @@ gpg_ctx_parse_status (struct _GpgCtx *gpg, GError **err)
 			/* skip the public-key algorithm id token */
 			status = next_token (status, NULL);
 			
-			/* this token is the hash algorithm used */
-			gpg->hash = strtoul (status, NULL, 10);
+			/* this token is the digest algorithm used */
+			gpg->digest = strtoul (status, NULL, 10);
 			break;
 		case GPG_CTX_MODE_VERIFY:
 			gpg_ctx_parse_signer_info (gpg, status);
@@ -1253,7 +1243,7 @@ gpg_ctx_parse_status (struct _GpgCtx *gpg, GError **err)
 				status += 16;
 				
 				/* first token is the mdc algorithm (or 0 if not used) */
-				gpg->hash = strtoul (status, &inend, 10);
+				gpg->digest = strtoul (status, &inend, 10);
 				if (inend == status || *inend != ' ')
 					return;
 				
@@ -1269,17 +1259,19 @@ gpg_ctx_parse_status (struct _GpgCtx *gpg, GError **err)
 				/* nothing to do, but we know we're done */
 			} else if (!strncmp (status, "ENC_TO ", 7)) {
 				/* parse the recipient info */
-				recipient = g_mime_crypto_recipient_new ();
-				gpg->enc_to->next = recipient;
-				gpg->enc_to = recipient;
+				if (!gpg->encrypted_to)
+					gpg->encrypted_to = g_mime_certificate_list_new ();
+				
+				cert = g_mime_certificate_new ();
+				g_mime_certificate_list_add (gpg->encrypted_to, cert);
 				
 				status += 7;
 				
 				/* first token is the recipient's keyid */
-				status = next_token (status, &recipient->keyid);
+				status = next_token (status, &cert->keyid);
 				
 				/* second token is the recipient's pubkey algo */
-				recipient->pubkey_algo = strtoul (status, &inend, 10);
+				cert->pubkey_algo = strtoul (status, &inend, 10);
 				if (inend == status || *inend != ' ')
 					return;
 				
@@ -1774,7 +1766,7 @@ gpg_ctx_op_wait (struct _GpgCtx *gpg)
 
 
 static int
-gpg_sign (GMimeCryptoContext *context, const char *userid, GMimeCryptoHash hash,
+gpg_sign (GMimeCryptoContext *context, const char *userid, GMimeDigestAlgo digest,
 	  GMimeStream *istream, GMimeStream *ostream, GError **err)
 {
 	GMimeGpgContext *ctx = (GMimeGpgContext *) context;
@@ -1782,7 +1774,7 @@ gpg_sign (GMimeCryptoContext *context, const char *userid, GMimeCryptoHash hash,
 	
 	gpg = gpg_ctx_new (ctx);
 	gpg_ctx_set_mode (gpg, GPG_CTX_MODE_SIGN);
-	gpg_ctx_set_hash (gpg, hash);
+	gpg_ctx_set_digest (gpg, digest);
 	gpg_ctx_set_armor (gpg, TRUE);
 	gpg_ctx_set_userid (gpg, userid);
 	gpg_ctx_set_istream (gpg, istream);
@@ -1820,22 +1812,22 @@ gpg_sign (GMimeCryptoContext *context, const char *userid, GMimeCryptoHash hash,
 		return -1;
 	}
 	
-	/* save the hash used */
-	hash = gpg->hash;
+	/* save the digest used */
+	digest = gpg->digest;
 	
 	gpg_ctx_free (gpg);
 	
-	return hash;
+	return digest;
 }
 
 
-static GMimeSignatureValidity *
-gpg_verify (GMimeCryptoContext *context, GMimeCryptoHash hash,
+static GMimeSignatureList *
+gpg_verify (GMimeCryptoContext *context, GMimeDigestAlgo digest,
 	    GMimeStream *istream, GMimeStream *sigstream,
 	    GError **err)
 {
 	GMimeGpgContext *ctx = (GMimeGpgContext *) context;
-	GMimeSignatureValidity *validity;
+	GMimeSignatureList *signatures;
 	const char *diagnostics;
 	struct _GpgCtx *gpg;
 	gboolean valid;
@@ -1844,7 +1836,7 @@ gpg_verify (GMimeCryptoContext *context, GMimeCryptoHash hash,
 	gpg_ctx_set_mode (gpg, GPG_CTX_MODE_VERIFY);
 	gpg_ctx_set_sigstream (gpg, sigstream);
 	gpg_ctx_set_istream (gpg, istream);
-	gpg_ctx_set_hash (gpg, hash);
+	gpg_ctx_set_digest (gpg, digest);
 	
 	if (gpg_ctx_op_start (gpg) == -1) {
 		g_set_error (err, GMIME_ERROR, errno,
@@ -1864,22 +1856,18 @@ gpg_verify (GMimeCryptoContext *context, GMimeCryptoHash hash,
 	}
 	
 	valid = gpg_ctx_op_wait (gpg) == 0;
-	diagnostics = gpg_ctx_get_diagnostics (gpg);
-	
-	validity = g_mime_signature_validity_new ();
-	g_mime_signature_validity_set_details (validity, diagnostics);
-	validity->signers = gpg->signers;
-	gpg->signers = NULL;
 	
+	signatures = gpg->signatures;
+	gpg->signatures = NULL;
 	gpg_ctx_free (gpg);
 	
-	return validity;
+	return signatures;
 }
 
 
 static int
 gpg_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
-	     GMimeCryptoHash hash, GPtrArray *recipients, GMimeStream *istream,
+	     GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
 	     GMimeStream *ostream, GError **err)
 {
 	GMimeGpgContext *ctx = (GMimeGpgContext *) context;
@@ -1891,7 +1879,7 @@ gpg_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
 		gpg_ctx_set_mode (gpg, GPG_CTX_MODE_SIGN_ENCRYPT);
 	else
 		gpg_ctx_set_mode (gpg, GPG_CTX_MODE_ENCRYPT);
-	gpg_ctx_set_hash (gpg, hash);
+	gpg_ctx_set_digest (gpg, digest);
 	gpg_ctx_set_armor (gpg, TRUE);
 	gpg_ctx_set_userid (gpg, userid);
 	gpg_ctx_set_istream (gpg, istream);
@@ -1939,12 +1927,12 @@ gpg_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
 }
 
 
-static GMimeDecryptionResult *
+static GMimeDecryptResult *
 gpg_decrypt (GMimeCryptoContext *context, GMimeStream *istream,
 	     GMimeStream *ostream, GError **err)
 {
 	GMimeGpgContext *ctx = (GMimeGpgContext *) context;
-	GMimeDecryptionResult *result;
+	GMimeDecryptResult *result;
 	const char *diagnostics;
 	struct _GpgCtx *gpg;
 	int save;
@@ -1983,16 +1971,13 @@ gpg_decrypt (GMimeCryptoContext *context, GMimeStream *istream,
 		return NULL;
 	}
 	
-	result = g_mime_decryption_result_new ();
-	result->validity = g_mime_signature_validity_new ();
-	diagnostics = gpg_ctx_get_diagnostics (gpg);
-	g_mime_signature_validity_set_details (result->validity, diagnostics);
-	result->validity->signers = gpg->signers;
+	result = g_mime_decrypt_result_new ();
 	result->recipients = gpg->encrypted_to;
+	result->signatures = gpg->signatures;
 	result->cipher = gpg->cipher;
-	result->mdc = gpg->hash;
+	result->mdc = gpg->digest;
 	gpg->encrypted_to = NULL;
-	gpg->signers = NULL;
+	gpg->signatures = NULL;
 	
 	gpg_ctx_free (gpg);
 	
diff --git a/gmime/gmime-multipart-encrypted.c b/gmime/gmime-multipart-encrypted.c
index d6da26d..04b6c82 100644
--- a/gmime/gmime-multipart-encrypted.c
+++ b/gmime/gmime-multipart-encrypted.c
@@ -144,7 +144,7 @@ g_mime_multipart_encrypted_new (void)
  * @ctx: encryption context
  * @sign: %TRUE if the content should also be signed or %FALSE otherwise
  * @userid: user id to use for signing (only used if @sign is %TRUE)
- * @hash: digest algorithm to use when signing
+ * @digest: digest algorithm to use when signing
  * @recipients: an array of recipients to encrypt to
  * @err: a #GError
  *
@@ -160,7 +160,7 @@ g_mime_multipart_encrypted_new (void)
 int
 g_mime_multipart_encrypted_encrypt (GMimeMultipartEncrypted *mpe, GMimeObject *content,
 				    GMimeCryptoContext *ctx, gboolean sign,
-				    const char *userid, GMimeCryptoHash hash,
+				    const char *userid, GMimeDigestAlgo digest,
 				    GPtrArray *recipients, GError **err)
 {
 	GMimeStream *filtered_stream, *ciphertext, *stream;
@@ -196,7 +196,7 @@ g_mime_multipart_encrypted_encrypt (GMimeMultipartEncrypted *mpe, GMimeObject *c
 	
 	/* encrypt the content stream */
 	ciphertext = g_mime_stream_mem_new ();
-	if (g_mime_crypto_context_encrypt (ctx, sign, userid, hash, recipients, stream, ciphertext, err) == -1) {
+	if (g_mime_crypto_context_encrypt (ctx, sign, userid, digest, recipients, stream, ciphertext, err) == -1) {
 		g_object_unref (ciphertext);
 		g_object_unref (stream);
 		return -1;
@@ -252,8 +252,8 @@ g_mime_multipart_encrypted_encrypt (GMimeMultipartEncrypted *mpe, GMimeObject *c
  * Attempts to decrypt the encrypted MIME part contained within the
  * multipart/encrypted object @mpe using the @ctx decryption context.
  *
- * If @result is non-NULL, then on a successful decrypt operation, it will be
- * updated to point to a newly-allocated #GMimeDecryptionResult with signature
+ * If @result is non-%NULL, then on a successful decrypt operation, it will be
+ * updated to point to a newly-allocated #GMimeDecryptResult with signature
  * status information as well as a list of recipients that the part was
  * encrypted to.
  *
@@ -263,16 +263,16 @@ g_mime_multipart_encrypted_encrypt (GMimeMultipartEncrypted *mpe, GMimeObject *c
  **/
 GMimeObject *
 g_mime_multipart_encrypted_decrypt (GMimeMultipartEncrypted *mpe, GMimeCryptoContext *ctx,
-				    GMimeDecryptionResult **result, GError **err)
+				    GMimeDecryptResult **result, GError **err)
 {
 	GMimeObject *decrypted, *version, *encrypted;
 	GMimeStream *stream, *ciphertext;
 	const char *protocol, *supported;
 	GMimeStream *filtered_stream;
 	GMimeContentType *mime_type;
-	GMimeDecryptionResult *res;
 	GMimeDataWrapper *wrapper;
 	GMimeFilter *crlf_filter;
+	GMimeDecryptResult *res;
 	GMimeParser *parser;
 	char *content_type;
 	
@@ -362,7 +362,7 @@ g_mime_multipart_encrypted_decrypt (GMimeMultipartEncrypted *mpe, GMimeCryptoCon
 		g_set_error_literal (err, GMIME_ERROR, GMIME_ERROR_PARSE_ERROR,
 				     _("Cannot decrypt multipart/encrypted part: failed to parse decrypted content."));
 		
-		g_mime_decryption_result_free (res);
+		g_object_unref (res);
 		
 		return NULL;
 	}
diff --git a/gmime/gmime-multipart-encrypted.h b/gmime/gmime-multipart-encrypted.h
index 7128339..29e7690 100644
--- a/gmime/gmime-multipart-encrypted.h
+++ b/gmime/gmime-multipart-encrypted.h
@@ -68,12 +68,12 @@ GMimeMultipartEncrypted *g_mime_multipart_encrypted_new (void);
 
 int g_mime_multipart_encrypted_encrypt (GMimeMultipartEncrypted *mpe, GMimeObject *content,
 					GMimeCryptoContext *ctx, gboolean sign,
-					const char *userid, GMimeCryptoHash hash,
+					const char *userid, GMimeDigestAlgo digest,
 					GPtrArray *recipients, GError **err);
 
 GMimeObject *g_mime_multipart_encrypted_decrypt (GMimeMultipartEncrypted *mpe,
 						 GMimeCryptoContext *ctx,
-						 GMimeDecryptionResult **result,
+						 GMimeDecryptResult **result,
 						 GError **err);
 
 G_END_DECLS
diff --git a/gmime/gmime-multipart-signed.c b/gmime/gmime-multipart-signed.c
index b3c8f78..a75b1dd 100644
--- a/gmime/gmime-multipart-signed.c
+++ b/gmime/gmime-multipart-signed.c
@@ -200,11 +200,11 @@ sign_prepare (GMimeObject *mime_part)
  * @content: MIME part to sign
  * @ctx: encryption crypto context
  * @userid: user id to sign with
- * @hash: preferred digest algorithm
+ * @digest: preferred digest algorithm
  * @err: exception
  *
  * Attempts to sign the @content MIME part with @userid's private key
- * using the @ctx signing context with the @hash algorithm. If
+ * using the @ctx signing context with the @digest algorithm. If
  * successful, the signed #GMimeObject is set as the signed part of
  * the multipart/signed object @mps.
  *
@@ -215,7 +215,7 @@ sign_prepare (GMimeObject *mime_part)
 int
 g_mime_multipart_signed_sign (GMimeMultipartSigned *mps, GMimeObject *content,
 			      GMimeCryptoContext *ctx, const char *userid,
-			      GMimeCryptoHash hash, GError **err)
+			      GMimeDigestAlgo digest, GError **err)
 {
 	GMimeStream *stream, *filtered, *sigstream;
 	GMimeContentType *content_type;
@@ -268,7 +268,7 @@ g_mime_multipart_signed_sign (GMimeMultipartSigned *mps, GMimeObject *content,
 	sigstream = g_mime_stream_mem_new ();
 	
 	/* sign the content stream */
-	if ((rv = g_mime_crypto_context_sign (ctx, userid, hash, filtered, sigstream, err)) == -1) {
+	if ((rv = g_mime_crypto_context_sign (ctx, userid, digest, filtered, sigstream, err)) == -1) {
 		g_object_unref (sigstream);
 		g_object_unref (filtered);
 		g_object_unref (stream);
@@ -282,7 +282,7 @@ g_mime_multipart_signed_sign (GMimeMultipartSigned *mps, GMimeObject *content,
 	/* set the multipart/signed protocol and micalg */
 	content_type = g_mime_object_get_content_type (GMIME_OBJECT (mps));
 	g_mime_content_type_set_parameter (content_type, "protocol", protocol);
-	micalg = g_strdup (g_mime_crypto_context_hash_name (ctx, (GMimeCryptoHash) rv));
+	micalg = g_strdup (g_mime_crypto_context_digest_name (ctx, (GMimeDigestAlgo) rv));
 	g_mime_content_type_set_parameter (content_type, "micalg", micalg);
 	g_mime_multipart_set_boundary (GMIME_MULTIPART (mps), NULL);
 	
@@ -331,22 +331,22 @@ g_mime_multipart_signed_sign (GMimeMultipartSigned *mps, GMimeObject *content,
  * Attempts to verify the signed MIME part contained within the
  * multipart/signed object @mps using the @ctx crypto context.
  *
- * Returns: a new #GMimeSignatureValidity object on success or %NULL
- * on fail. If the signing fails, an exception will be set on @err to
- * provide information as to why the failure occured.
+ * Returns: a new #GMimeSignatureList object on success or %NULL on fail. If
+ * the verification fails, an exception will be set on @err to provide
+ * information as to why the failure occured.
  **/
-GMimeSignatureValidity *
+GMimeSignatureList *
 g_mime_multipart_signed_verify (GMimeMultipartSigned *mps, GMimeCryptoContext *ctx,
 				GError **err)
 {
 	const char *supported, *protocol, *micalg;
 	GMimeObject *content, *signature;
 	GMimeStream *stream, *sigstream;
-	GMimeSignatureValidity *valid;
+	GMimeSignatureList *signatures;
 	GMimeStream *filtered_stream;
 	GMimeDataWrapper *wrapper;
 	GMimeFilter *crlf_filter;
-	GMimeCryptoHash hash;
+	GMimeDigestAlgo digest;
 	char *content_type;
 	
 	g_return_val_if_fail (GMIME_IS_MULTIPART_SIGNED (mps), NULL);
@@ -427,13 +427,13 @@ g_mime_multipart_signed_verify (GMimeMultipartSigned *mps, GMimeCryptoContext *c
 	g_mime_stream_reset (sigstream);
 	
 	/* verify the signature */
-	hash = g_mime_crypto_context_hash_id (ctx, micalg);
-	valid = g_mime_crypto_context_verify (ctx, hash, stream, sigstream, err);
+	digest = g_mime_crypto_context_digest_id (ctx, micalg);
+	signatures = g_mime_crypto_context_verify (ctx, digest, stream, sigstream, err);
 	
 	d(printf ("attempted to verify:\n----- BEGIN SIGNED PART -----\n%.*s----- END SIGNED PART -----\n",
 		  (int) GMIME_STREAM_MEM (stream)->buffer->len, GMIME_STREAM_MEM (stream)->buffer->data));
 	
 	g_object_unref (stream);
 	
-	return valid;
+	return signatures;
 }
diff --git a/gmime/gmime-multipart-signed.h b/gmime/gmime-multipart-signed.h
index e6d51a0..21bc91e 100644
--- a/gmime/gmime-multipart-signed.h
+++ b/gmime/gmime-multipart-signed.h
@@ -66,11 +66,11 @@ GMimeMultipartSigned *g_mime_multipart_signed_new (void);
 
 int g_mime_multipart_signed_sign (GMimeMultipartSigned *mps, GMimeObject *content,
 				  GMimeCryptoContext *ctx, const char *userid,
-				  GMimeCryptoHash hash, GError **err);
+				  GMimeDigestAlgo digest, GError **err);
 
-GMimeSignatureValidity *g_mime_multipart_signed_verify (GMimeMultipartSigned *mps,
-							GMimeCryptoContext *ctx,
-							GError **err);
+GMimeSignatureList *g_mime_multipart_signed_verify (GMimeMultipartSigned *mps,
+						    GMimeCryptoContext *ctx,
+						    GError **err);
 
 G_END_DECLS
 
diff --git a/gmime/gmime-pkcs7-context.c b/gmime/gmime-pkcs7-context.c
index 3f909b7..4a5803e 100644
--- a/gmime/gmime-pkcs7-context.c
+++ b/gmime/gmime-pkcs7-context.c
@@ -72,9 +72,9 @@ static void g_mime_pkcs7_context_class_init (GMimePkcs7ContextClass *klass);
 static void g_mime_pkcs7_context_init (GMimePkcs7Context *ctx, GMimePkcs7ContextClass *klass);
 static void g_mime_pkcs7_context_finalize (GObject *object);
 
-static GMimeCryptoHash pkcs7_hash_id (GMimeCryptoContext *ctx, const char *hash);
+static GMimeDigestAlgo pkcs7_digest_id (GMimeCryptoContext *ctx, const char *name);
 
-static const char *pkcs7_hash_name (GMimeCryptoContext *ctx, GMimeCryptoHash hash);
+static const char *pkcs7_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest);
 
 static const char *pkcs7_get_signature_protocol (GMimeCryptoContext *ctx);
 
@@ -83,19 +83,19 @@ static const char *pkcs7_get_encryption_protocol (GMimeCryptoContext *ctx);
 static const char *pkcs7_get_key_exchange_protocol (GMimeCryptoContext *ctx);
 
 static int pkcs7_sign (GMimeCryptoContext *ctx, const char *userid,
-		       GMimeCryptoHash hash, GMimeStream *istream,
+		       GMimeDigestAlgo digest, GMimeStream *istream,
 		       GMimeStream *ostream, GError **err);
 	
-static GMimeSignatureValidity *pkcs7_verify (GMimeCryptoContext *ctx, GMimeCryptoHash hash,
-					     GMimeStream *istream, GMimeStream *sigstream,
-					     GError **err);
+static GMimeSignatureList *pkcs7_verify (GMimeCryptoContext *ctx, GMimeDigestAlgo digest,
+					 GMimeStream *istream, GMimeStream *sigstream,
+					 GError **err);
 
 static int pkcs7_encrypt (GMimeCryptoContext *ctx, gboolean sign, const char *userid,
-			  GMimeCryptoHash hash, GPtrArray *recipients, GMimeStream *istream,
+			  GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
 			  GMimeStream *ostream, GError **err);
 
-static GMimeDecryptionResult *pkcs7_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
-					     GMimeStream *ostream, GError **err);
+static GMimeDecryptResult *pkcs7_decrypt (GMimeCryptoContext *ctx, GMimeStream *istream,
+					  GMimeStream *ostream, GError **err);
 
 static int pkcs7_import_keys (GMimeCryptoContext *ctx, GMimeStream *istream,
 			      GError **err);
@@ -142,8 +142,8 @@ g_mime_pkcs7_context_class_init (GMimePkcs7ContextClass *klass)
 	
 	object_class->finalize = g_mime_pkcs7_context_finalize;
 	
-	crypto_class->hash_id = pkcs7_hash_id;
-	crypto_class->hash_name = pkcs7_hash_name;
+	crypto_class->digest_id = pkcs7_digest_id;
+	crypto_class->digest_name = pkcs7_digest_name;
 	crypto_class->sign = pkcs7_sign;
 	crypto_class->verify = pkcs7_verify;
 	crypto_class->encrypt = pkcs7_encrypt;
@@ -182,63 +182,63 @@ g_mime_pkcs7_context_finalize (GObject *object)
 	G_OBJECT_CLASS (parent_class)->finalize (object);
 }
 
-static GMimeCryptoHash
-pkcs7_hash_id (GMimeCryptoContext *ctx, const char *hash)
+static GMimeDigestAlgo
+pkcs7_digest_id (GMimeCryptoContext *ctx, const char *name)
 {
-	if (hash == NULL)
-		return GMIME_CRYPTO_HASH_DEFAULT;
-	
-	if (!g_ascii_strcasecmp (hash, "md2"))
-		return GMIME_CRYPTO_HASH_MD2;
-	else if (!g_ascii_strcasecmp (hash, "md4"))
-		return GMIME_CRYPTO_HASH_MD4;
-	else if (!g_ascii_strcasecmp (hash, "md5"))
-		return GMIME_CRYPTO_HASH_MD5;
-	else if (!g_ascii_strcasecmp (hash, "sha1"))
-		return GMIME_CRYPTO_HASH_SHA1;
-	else if (!g_ascii_strcasecmp (hash, "sha224"))
-		return GMIME_CRYPTO_HASH_SHA224;
-	else if (!g_ascii_strcasecmp (hash, "sha256"))
-		return GMIME_CRYPTO_HASH_SHA256;
-	else if (!g_ascii_strcasecmp (hash, "sha384"))
-		return GMIME_CRYPTO_HASH_SHA384;
-	else if (!g_ascii_strcasecmp (hash, "sha512"))
-		return GMIME_CRYPTO_HASH_SHA512;
-	else if (!g_ascii_strcasecmp (hash, "ripemd160"))
-		return GMIME_CRYPTO_HASH_RIPEMD160;
-	else if (!g_ascii_strcasecmp (hash, "tiger192"))
-		return GMIME_CRYPTO_HASH_TIGER192;
-	else if (!g_ascii_strcasecmp (hash, "haval-5-160"))
-		return GMIME_CRYPTO_HASH_HAVAL5160;
-	
-	return GMIME_CRYPTO_HASH_DEFAULT;
+	if (name == NULL)
+		return GMIME_DIGEST_ALGO_DEFAULT;
+	
+	if (!g_ascii_strcasecmp (name, "md2"))
+		return GMIME_DIGEST_ALGO_MD2;
+	else if (!g_ascii_strcasecmp (name, "md4"))
+		return GMIME_DIGEST_ALGO_MD4;
+	else if (!g_ascii_strcasecmp (name, "md5"))
+		return GMIME_DIGEST_ALGO_MD5;
+	else if (!g_ascii_strcasecmp (name, "sha1"))
+		return GMIME_DIGEST_ALGO_SHA1;
+	else if (!g_ascii_strcasecmp (name, "sha224"))
+		return GMIME_DIGEST_ALGO_SHA224;
+	else if (!g_ascii_strcasecmp (name, "sha256"))
+		return GMIME_DIGEST_ALGO_SHA256;
+	else if (!g_ascii_strcasecmp (name, "sha384"))
+		return GMIME_DIGEST_ALGO_SHA384;
+	else if (!g_ascii_strcasecmp (name, "sha512"))
+		return GMIME_DIGEST_ALGO_SHA512;
+	else if (!g_ascii_strcasecmp (name, "ripemd160"))
+		return GMIME_DIGEST_ALGO_RIPEMD160;
+	else if (!g_ascii_strcasecmp (name, "tiger192"))
+		return GMIME_DIGEST_ALGO_TIGER192;
+	else if (!g_ascii_strcasecmp (name, "haval-5-160"))
+		return GMIME_DIGEST_ALGO_HAVAL5160;
+	
+	return GMIME_DIGEST_ALGO_DEFAULT;
 }
 
 static const char *
-pkcs7_hash_name (GMimeCryptoContext *ctx, GMimeCryptoHash hash)
+pkcs7_digest_name (GMimeCryptoContext *ctx, GMimeDigestAlgo digest)
 {
-	switch (hash) {
-	case GMIME_CRYPTO_HASH_MD2:
+	switch (digest) {
+	case GMIME_DIGEST_ALGO_MD2:
 		return "md2";
-	case GMIME_CRYPTO_HASH_MD4:
+	case GMIME_DIGEST_ALGO_MD4:
 		return "md4";
-	case GMIME_CRYPTO_HASH_MD5:
+	case GMIME_DIGEST_ALGO_MD5:
 		return "md5";
-	case GMIME_CRYPTO_HASH_SHA1:
+	case GMIME_DIGEST_ALGO_SHA1:
 		return "sha1";
-	case GMIME_CRYPTO_HASH_SHA224:
+	case GMIME_DIGEST_ALGO_SHA224:
 		return "sha224";
-	case GMIME_CRYPTO_HASH_SHA256:
+	case GMIME_DIGEST_ALGO_SHA256:
 		return "sha256";
-	case GMIME_CRYPTO_HASH_SHA384:
+	case GMIME_DIGEST_ALGO_SHA384:
 		return "sha384";
-	case GMIME_CRYPTO_HASH_SHA512:
+	case GMIME_DIGEST_ALGO_SHA512:
 		return "sha512";
-	case GMIME_CRYPTO_HASH_RIPEMD160:
+	case GMIME_DIGEST_ALGO_RIPEMD160:
 		return "ripemd160";
-	case GMIME_CRYPTO_HASH_TIGER192:
+	case GMIME_DIGEST_ALGO_TIGER192:
 		return "tiger192";
-	case GMIME_CRYPTO_HASH_HAVAL5160:
+	case GMIME_DIGEST_ALGO_HAVAL5160:
 		return "haval-5-160";
 	default:
 		return "sha1";
@@ -435,7 +435,7 @@ pkcs7_add_signer (Pkcs7Ctx *pkcs7, const char *signer, GError **err)
 #endif /* ENABLE_SMIME */
 
 static int
-pkcs7_sign (GMimeCryptoContext *context, const char *userid, GMimeCryptoHash hash,
+pkcs7_sign (GMimeCryptoContext *context, const char *userid, GMimeDigestAlgo digest,
 	    GMimeStream *istream, GMimeStream *ostream, GError **err)
 {
 #ifdef ENABLE_SMIME
@@ -472,10 +472,10 @@ pkcs7_sign (GMimeCryptoContext *context, const char *userid, GMimeCryptoHash has
 	gpgme_data_release (output);
 	gpgme_data_release (input);
 	
-	/* return the hash algorithm used for signing */
+	/* return the digest algorithm used for signing */
 	result = gpgme_op_sign_result (pkcs7->ctx);
 	
-	return pkcs7_hash_id (context, gpgme_hash_algo_name (result->signatures->hash_algo));
+	return pkcs7_digest_id (context, gpgme_hash_algo_name (result->signatures->hash_algo));
 #else
 	g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("S/MIME support is not enabled in this build"));
 	
@@ -484,30 +484,30 @@ pkcs7_sign (GMimeCryptoContext *context, const char *userid, GMimeCryptoHash has
 }
 
 #ifdef ENABLE_SMIME
-static GMimeSignerTrust
+static GMimeCertificateTrust
 pkcs7_trust (gpgme_validity_t trust)
 {
 	switch (trust) {
 	case GPGME_VALIDITY_UNKNOWN:
-		return GMIME_SIGNER_TRUST_NONE;
+		return GMIME_CERTIFICATE_TRUST_NONE;
 	case GPGME_VALIDITY_UNDEFINED:
-		return GMIME_SIGNER_TRUST_UNDEFINED;
+		return GMIME_CERTIFICATE_TRUST_UNDEFINED;
 	case GPGME_VALIDITY_NEVER:
-		return GMIME_SIGNER_TRUST_NEVER;
+		return GMIME_CERTIFICATE_TRUST_NEVER;
 	case GPGME_VALIDITY_MARGINAL:
-		return GMIME_SIGNER_TRUST_MARGINAL;
+		return GMIME_CERTIFICATE_TRUST_MARGINAL;
 	case GPGME_VALIDITY_FULL:
-		return GMIME_SIGNER_TRUST_FULLY;
+		return GMIME_CERTIFICATE_TRUST_FULLY;
 	case GPGME_VALIDITY_ULTIMATE:
-		return GMIME_SIGNER_TRUST_ULTIMATE;
+		return GMIME_CERTIFICATE_TRUST_ULTIMATE;
 	}
 }
 
-static GMimeSignatureValidity *
-pkcs7_get_validity (Pkcs7Ctx *pkcs7, gboolean verify)
+static GMimeSignatureList *
+pkcs7_get_signatures (Pkcs7Ctx *pkcs7, gboolean verify)
 {
-	GMimeSignatureValidity *validity;
-	GMimeSigner *signers, *signer;
+	GMimeSignatureList *signatures;
+	GMimeSignature *signature;
 	gpgme_verify_result_t result;
 	gpgme_subkey_t subkey;
 	gpgme_signature_t sig;
@@ -516,54 +516,53 @@ pkcs7_get_validity (Pkcs7Ctx *pkcs7, gboolean verify)
 	
 	/* get the signature verification results from GpgMe */
 	if (!(result = gpgme_op_verify_result (pkcs7->ctx)) || !result->signatures)
-		return verify ? g_mime_signature_validity_new () : NULL;
+		return verify ? g_mime_signature_list_new () : NULL;
 	
-	/* create a new signature validity to return */
-	validity = g_mime_signature_validity_new ();
+	/* create a new signature list to return */
+	signatures = g_mime_signature_list_new ();
 	
-	/* collect the signers for this signature */
-	signers = (GMimeSigner *) &validity->signers;
 	sig = result->signatures;
 	
 	while (sig != NULL) {
+		signature = g_mime_signature_new ();
+		g_mime_signature_list_add (signatures, signature);
+		
 		if (sig->status != GPG_ERR_NO_ERROR)
-			signer = g_mime_signer_new (GMIME_SIGNER_STATUS_ERROR);
+			g_mime_signature_set_status (signature, GMIME_SIGNATURE_STATUS_ERROR);
 		else
-			signer = g_mime_signer_new (GMIME_SIGNER_STATUS_GOOD);
-		signers->next = signer;
-		signers = signer;
+			g_mime_signature_set_status (signature, GMIME_SIGNATURE_STATUS_GOOD);
 		
-		g_mime_signer_set_pubkey_algo (signer, sig->pubkey_algo);
-		g_mime_signer_set_hash_algo (signer, sig->hash_algo);
-		g_mime_signer_set_sig_expires (signer, sig->exp_timestamp);
-		g_mime_signer_set_sig_created (signer, sig->timestamp);
-		g_mime_signer_set_fingerprint (signer, sig->fpr);
+		g_mime_certificate_set_pubkey_algo (signature->cert, sig->pubkey_algo);
+		g_mime_certificate_set_digest_algo (signature->cert, sig->hash_algo);
+		g_mime_certificate_set_fingerprint (signature->cert, sig->fpr);
+		g_mime_signature_set_expires (signature, sig->exp_timestamp);
+		g_mime_signature_set_created (signature, sig->timestamp);
 		
 		if (sig->exp_timestamp != 0 && sig->exp_timestamp <= time (NULL)) {
 			/* signature expired, automatically results in a BAD signature */
-			signer->errors |= GMIME_SIGNER_ERROR_EXPSIG;
-			signer->status = GMIME_SIGNER_STATUS_BAD;
+			signature->errors |= GMIME_SIGNATURE_ERROR_EXPSIG;
+			signature->status = GMIME_SIGNATURE_STATUS_BAD;
 		}
 		
 		if (gpgme_get_key (pkcs7->ctx, sig->fpr, &key, 0) == GPG_ERR_NO_ERROR && key) {
 			/* get more signer info from their signing key */
-			g_mime_signer_set_trust (signer, pkcs7_trust (key->owner_trust));
-			g_mime_signer_set_issuer_serial (signer, key->issuer_serial);
-			g_mime_signer_set_issuer_name (signer, key->issuer_name);
+			g_mime_certificate_set_trust (signature->cert, pkcs7_trust (key->owner_trust));
+			g_mime_certificate_set_issuer_serial (signature->cert, key->issuer_serial);
+			g_mime_certificate_set_issuer_name (signature->cert, key->issuer_name);
 			
 			/* get the keyid, name, and email address */
 			uid = key->uids;
 			while (uid) {
 				if (uid->name && *uid->name)
-					g_mime_signer_set_name (signer, uid->name);
+					g_mime_certificate_set_name (signature->cert, uid->name);
 				
 				if (uid->email && *uid->email)
-					g_mime_signer_set_email (signer, uid->email);
+					g_mime_certificate_set_email (signature->cert, uid->email);
 				
 				if (uid->uid && *uid->uid)
-					g_mime_signer_set_key_id (signer, uid->uid);
+					g_mime_certificate_set_key_id (signature->cert, uid->uid);
 				
-				if (signer->name && signer->email && signer->keyid)
+				if (signature->cert->name && signature->cert->email && signature->cert->keyid)
 					break;
 				
 				uid = uid->next;
@@ -575,27 +574,27 @@ pkcs7_get_validity (Pkcs7Ctx *pkcs7, gboolean verify)
 				subkey = subkey->next;
 			
 			if (subkey) {
-				g_mime_signer_set_key_created (signer, subkey->timestamp);
-				g_mime_signer_set_key_expires (signer, subkey->expires);
+				g_mime_certificate_set_created (signature->cert, subkey->timestamp);
+				g_mime_certificate_set_expires (signature->cert, subkey->expires);
 				
 				if (subkey->revoked) {
 					/* signer's key has been revoked, automatic BAD status */
-					signer->errors |= GMIME_SIGNER_ERROR_REVKEYSIG;
-					signer->status = GMIME_SIGNER_STATUS_BAD;
+					signature->errors |= GMIME_SIGNATURE_ERROR_REVKEYSIG;
+					signature->status = GMIME_SIGNATURE_STATUS_BAD;
 				}
 				
 				if (subkey->expired) {
 					/* signer's key has expired, automatic BAD status */
-					signer->errors |= GMIME_SIGNER_ERROR_EXPKEYSIG;
-					signer->status = GMIME_SIGNER_STATUS_BAD;
+					signature->errors |= GMIME_SIGNATURE_ERROR_EXPKEYSIG;
+					signature->status = GMIME_SIGNATURE_STATUS_BAD;
 				}
 			} else {
 				/* If we don't have the subkey used by the signer, then we can't
 				 * tell what the status is, so set to ERROR if it hasn't already
 				 * been designated as BAD. */
-				if (signer->status != GMIME_SIGNER_STATUS_BAD)
-					signer->status = GMIME_SIGNER_STATUS_ERROR;
-				signer->errors |= GMIME_SIGNER_ERROR_NO_PUBKEY;
+				if (signature->status != GMIME_SIGNATURE_STATUS_BAD)
+					signature->status = GMIME_SIGNATURE_STATUS_ERROR;
+				signature->errors |= GMIME_SIGNATURE_ERROR_NO_PUBKEY;
 			}
 			
 			gpgme_key_unref (key);
@@ -603,21 +602,21 @@ pkcs7_get_validity (Pkcs7Ctx *pkcs7, gboolean verify)
 			/* If we don't have the signer's public key, then we can't tell what
 			 * the status is, so set it to ERROR if it hasn't already been
 			 * designated as BAD. */
-			g_mime_signer_set_trust (signer, GMIME_SIGNER_TRUST_UNDEFINED);
-			if (signer->status != GMIME_SIGNER_STATUS_BAD)
-				signer->status = GMIME_SIGNER_STATUS_ERROR;
-			signer->errors |= GMIME_SIGNER_ERROR_NO_PUBKEY;
+			g_mime_certificate_set_trust (signature->cert, GMIME_CERTIFICATE_TRUST_UNDEFINED);
+			if (signature->status != GMIME_SIGNATURE_STATUS_BAD)
+				signature->status = GMIME_SIGNATURE_STATUS_ERROR;
+			signature->errors |= GMIME_SIGNATURE_ERROR_NO_PUBKEY;
 		}
 		
 		sig = sig->next;
 	}
 	
-	return validity;
+	return signatures;
 }
 #endif /* ENABLE_SMIME */
 
-static GMimeSignatureValidity *
-pkcs7_verify (GMimeCryptoContext *context, GMimeCryptoHash hash,
+static GMimeSignatureList *
+pkcs7_verify (GMimeCryptoContext *context, GMimeDigestAlgo digest,
 	      GMimeStream *istream, GMimeStream *sigstream,
 	      GError **err)
 {
@@ -657,8 +656,8 @@ pkcs7_verify (GMimeCryptoContext *context, GMimeCryptoHash hash,
 	if (message)
 		gpgme_data_release (message);
 	
-	/* get/return the pkcs7 signature validity */
-	return pkcs7_get_validity (pkcs7, TRUE);
+	/* get/return the pkcs7 signatures */
+	return pkcs7_get_signatures (pkcs7, TRUE);
 #else
 	g_set_error (err, GMIME_ERROR, GMIME_ERROR_NOT_SUPPORTED, _("S/MIME support is not enabled in this build"));
 	
@@ -683,7 +682,7 @@ key_list_free (gpgme_key_t *keys)
 
 static int
 pkcs7_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
-	       GMimeCryptoHash hash, GPtrArray *recipients, GMimeStream *istream,
+	       GMimeDigestAlgo digest, GPtrArray *recipients, GMimeStream *istream,
 	       GMimeStream *ostream, GError **err)
 {
 #ifdef ENABLE_SMIME
@@ -745,44 +744,42 @@ pkcs7_encrypt (GMimeCryptoContext *context, gboolean sign, const char *userid,
 }
 
 
-static GMimeDecryptionResult *
+static GMimeDecryptResult *
 pkcs7_get_decrypt_result (Pkcs7Ctx *pkcs7)
 {
-	GMimeCryptoRecipient *recipient, *recipients;
-	GMimeDecryptionResult *result;
+	GMimeDecryptResult *result;
 	gpgme_decrypt_result_t res;
-	gpgme_recipient_t recip;
+	gpgme_recipient_t recipient;
+	GMimeCertificate *cert;
 	
-	result = g_mime_decryption_result_new ();
-	result->validity = pkcs7_get_validity (pkcs7, FALSE);
+	result = g_mime_decrypt_result_new ();
+	result->recipients = g_mime_certificate_list_new ();
+	result->signatures = pkcs7_get_signatures (pkcs7, FALSE);
 	
 	if (!(res = gpgme_op_decrypt_result (pkcs7->ctx)) || !res->recipients)
 		return result;
 	
-	recipients = (GMimeCryptoRecipient *) &result->recipients;
-	
-	recip = res->recipients;
-	while (recip != NULL) {
-		recipient = g_mime_crypto_recipient_new ();
-		recipients->next = recipient;
-		recipients = recipient;
+	recipient = res->recipients;
+	while (recipient != NULL) {
+		cert = g_mime_certificate_new ();
+		g_mime_certificate_list_add (result->recipients, cert);
 		
-		g_mime_crypto_recipient_set_pubkey_algo (recipient, recip->pubkey_algo);
-		g_mime_crypto_recipient_set_key_id (recipient, recip->keyid);
+		g_mime_certificate_set_pubkey_algo (cert, recipient->pubkey_algo);
+		g_mime_certificate_set_key_id (cert, recipient->keyid);
 		
-		recip = recip->next;
+		recipient = recipient->next;
 	}
 	
 	return result;
 }
 
-static GMimeDecryptionResult *
+static GMimeDecryptResult *
 pkcs7_decrypt (GMimeCryptoContext *context, GMimeStream *istream,
 	       GMimeStream *ostream, GError **err)
 {
 #ifdef ENABLE_SMIME
 	GMimePkcs7Context *ctx = (GMimePkcs7Context *) context;
-	GMimeDecryptionResult *result;
+	GMimeDecryptResult *result;
 	Pkcs7Ctx *pkcs7 = ctx->priv;
 	gpgme_decrypt_result_t res;
 	gpgme_data_t input, output;
diff --git a/gmime/gmime-signature.c b/gmime/gmime-signature.c
index d7695d9..f26c935 100644
--- a/gmime/gmime-signature.c
+++ b/gmime/gmime-signature.c
@@ -23,6 +23,8 @@
 #include <config.h>
 #endif
 
+#include <string.h>
+
 #include "gmime-signature.h"
 
 
@@ -83,9 +85,9 @@ g_mime_signature_init (GMimeSignature *sig, GMimeSignatureClass *klass)
 {
 	sig->status = GMIME_SIGNATURE_STATUS_GOOD;
 	sig->errors = GMIME_SIGNATURE_ERROR_NONE;
+	sig->cert = g_mime_certificate_new ();
 	sig->created = (time_t) -1;
 	sig->expires = (time_t) -1;
-	sig->cert = NULL;
 }
 
 static void
@@ -383,7 +385,7 @@ g_mime_signature_list_new (void)
 int
 g_mime_signature_list_length (GMimeSignatureList *list)
 {
-	g_return_val_if_fail (IS_G_MIME_SIGNATURE_LIST (list), -1);
+	g_return_val_if_fail (GMIME_IS_SIGNATURE_LIST (list), -1);
 	
 	return list->array->len;
 }
@@ -401,7 +403,7 @@ g_mime_signature_list_clear (GMimeSignatureList *list)
 	GMimeSignature *sig;
 	guint i;
 	
-	g_return_if_fail (IS_G_MIME_SIGNATURE_LIST (list));
+	g_return_if_fail (GMIME_IS_SIGNATURE_LIST (list));
 	
 	for (i = 0; i < list->array->len; i++) {
 		sig = (GMimeSignature *) list->array->pdata[i];