--- git-remote-gcrypt-0.20130908.orig/README.rst
+++ git-remote-gcrypt-0.20130908/README.rst
@@ -60,10 +60,13 @@
     The ``gcrypt-participants`` setting on the remote takes precedence
     over the repository variable ``gcrypt.participants``.
 
+``remote.<name>.gcrypt-signingkey``
+    ..
 ``user.signingkey``
-    (From regular git configuration) The key to use for signing.  You
-    should set ``user.signingkey`` if your default signing key is not
-    part of the participant list.
+    (The latter from regular git configuration) The key to use for signing.
+    You should set ``user.signingkey`` if your default signing key is not
+    part of the participant list. You may use the per-remote version
+    to sign different remotes using different keys.
 
 Environment Variables
 =====================
@@ -170,6 +173,17 @@
 ``extn <name> ...``
     Extension field, preserved but unused.
 
+Detecting gcrypt repos
+======================
+
+To detect if a git url is a gcrypt repo, use: git-remote-gcrypt --check url
+Exit status if 0 if the repo exists and can be decrypted, 1 if the repo
+uses gcrypt but could not be decrypted, and 100 if the repo is not
+encrypted with gcrypt (or could not be accessed).
+
+Note that this has to fetch the repo contents into the local git
+repository, the same as is done when using a gcrypt repo.
+
 See Also
 ========
 
--- git-remote-gcrypt-0.20130908.orig/debian/changelog
+++ git-remote-gcrypt-0.20130908/debian/changelog
@@ -0,0 +1,35 @@
+git-remote-gcrypt (0.20130908-5) unstable; urgency=low
+
+  * Better signature validation for subkeys.
+    Closes https://github.com/blake2-ppc/git-remote-gcrypt/pull/7
+  * Stop passing --fast-list to gpg as this sometimes causes it to not
+    display key fingerprints, which git-remote-gcrpyt needs.
+    Closes https://github.com/blake2-ppc/git-remote-gcrypt/issues/8
+
+ -- Joey Hess <joeyh@debian.org>  Thu, 26 Sep 2013 15:58:52 -0400
+
+git-remote-gcrypt (0.20130908-4) unstable; urgency=low
+
+  * Added --check option.
+
+ -- Joey Hess <joeyh@debian.org>  Thu, 19 Sep 2013 12:10:24 -0400
+
+git-remote-gcrypt (0.20130908-3) unstable; urgency=low
+
+  * Add remote.<name>.gcrypt-signingkey config.
+
+ -- Joey Hess <joeyh@debian.org>  Tue, 17 Sep 2013 15:33:35 -0400
+
+git-remote-gcrypt (0.20130908-2) unstable; urgency=low
+
+  * Set --trust-model=always when encrypting.
+    Needed to interoperate with git-annex.
+    Closes https://github.com/blake2-ppc/git-remote-gcrypt/issues/3
+
+ -- Joey Hess <joeyh@debian.org>  Mon, 16 Sep 2013 15:49:16 -0400
+
+git-remote-gcrypt (0.20130908-1) unstable; urgency=low
+
+  * Initial release.
+
+ -- Joey Hess <joeyh@debian.org>  Sun, 08 Sep 2013 20:08:23 -0400
--- git-remote-gcrypt-0.20130908.orig/debian/compat
+++ git-remote-gcrypt-0.20130908/debian/compat
@@ -0,0 +1 @@
+9
--- git-remote-gcrypt-0.20130908.orig/debian/control
+++ git-remote-gcrypt-0.20130908/debian/control
@@ -0,0 +1,22 @@
+Source: git-remote-gcrypt
+Section: vcs
+Priority: optional
+Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.9.0)
+Maintainer: Joey Hess <joeyh@debian.org>
+Standards-Version: 3.9.4
+Homepage: https://github.com/blake2-ppc/git-remote-gcrypt
+
+Package: git-remote-gcrypt
+Architecture: all
+Section: vcs
+Depends: git, gnupg | gnupg2, ${misc:Depends}
+Recommends: rsync, curl
+Description: encrypted git repositories
+ This lets git store git repositories in encrypted form.
+ It supports storing repositories on rsync or sftp servers.
+ It can also store the encrypted git repository inside a remote git
+ repository. All the regular git commands like git push and git pull
+ can be used to operate on such an encrypted repository.
+ .
+ The aim is to provide confidential, authenticated git storage and
+ collaboration using typical untrusted file hosts or services.
--- git-remote-gcrypt-0.20130908.orig/debian/copyright
+++ git-remote-gcrypt-0.20130908/debian/copyright
@@ -0,0 +1,8 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: https://github.com/blake2-ppc/git-remote-gcrypt
+
+Files: *
+Copyright: 2013 by engla
+License: GPL-2+
+ On Debian systems, the complete text of the GPL can be found in
+ /usr/share/common-licenses/GPL.
--- git-remote-gcrypt-0.20130908.orig/debian/docs
+++ git-remote-gcrypt-0.20130908/debian/docs
@@ -0,0 +1 @@
+README.rst
--- git-remote-gcrypt-0.20130908.orig/debian/rules
+++ git-remote-gcrypt-0.20130908/debian/rules
@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+%:
+	dh $@
+
+override_dh_auto_build:
+	true
+override_dh_auto_clean:
+	true
+
+override_dh_auto_install:
+	prefix=/usr DESTDIR=debian/git-remote-gcrypt ./install.sh
--- git-remote-gcrypt-0.20130908.orig/git-remote-gcrypt
+++ git-remote-gcrypt-0.20130908/git-remote-gcrypt
@@ -313,7 +313,7 @@
 
 ENCRYPT()
 {
-	gpg --batch --force-mdc --compress-algo none --passphrase-fd 3 -c 3<<EOF
+	gpg --batch --force-mdc --compress-algo none --trust-model=always --passphrase-fd 3 -c 3<<EOF
 $1
 EOF
 }
@@ -333,7 +333,7 @@
 	if isnonnull "$Conf_signkey"; then
 		set -- "$@" -u "$Conf_signkey"
 	fi
-	gpg --compress-algo none -se "$@"
+	gpg --compress-algo none --trust-model=always -se "$@"
 }
 
 # $1 is the match for good signature, $2 is the textual signers list
@@ -388,8 +388,9 @@
 # $1 return var for goodsig match, $2 return var for signers text
 read_config()
 {
-	local recp_= r_keyinfo= cap_= conf_part= good_sig= signers_=
-	Conf_signkey=$(git config --path user.signingkey || :)
+	local recp_= r_keyinfo= r_keyfpr= gpg_list= cap_= conf_part= good_sig= signers_=
+	Conf_signkey=$(git config --get "remote.$NAME.gcrypt-signingkey" '.+' ||
+		git config --path user.signingkey || :)
 	conf_part=$(git config --get "remote.$NAME.gcrypt-participants" '.+' ||
 		    git config --get gcrypt.participants '.+' || :)
 
@@ -406,16 +407,21 @@
 
 	for recp_ in $conf_part
 	do
-		filter_to @r_keyinfo "pub*" \
-			"$(gpg --with-colons --fast-list -k "$recp_")"
+		gpg_list=$(gpg --with-colons --fingerprint -k "$recp_")
+		filter_to @r_keyinfo "pub*" "$gpg_list"
+		filter_to @r_keyfpr "fpr*" "$gpg_list"
 		isnull "$r_keyinfo" || isnonnull "${r_keyinfo##*"$Newline"*}" ||
 		echo_info "WARNING: '$recp_' matches multiple keys, using one"
+		isnull "$r_keyfpr" || isnonnull "${r_keyfpr##*"$Newline"*}" ||
+		echo_info "WARNING: '$recp_' matches multiple fingerprints, using one"
 		r_keyinfo=${r_keyinfo%%"$Newline"*}
+		r_keyfpr=${r_keyfpr%%"$Newline"*}
 		keyid_=$(xfeed "$r_keyinfo" cut -f 5 -d :)
+		fprid_=$(xfeed "$r_keyfpr" cut -f 10 -d :)
 
-		isnonnull "$keyid_" &&
+		isnonnull "$fprid_" &&
 		signers_="$signers_ $keyid_" &&
-		append_to @good_sig "^\[GNUPG:\] GOODSIG $keyid_" || {
+		append_to @good_sig "^\[GNUPG:\] VALIDSIG .*$fprid_$" || {
 			echo_info "WARNING: Skipping missing key $recp_"
 			continue
 		}
@@ -778,14 +784,8 @@
 	rm -r -f -- "${Tempdir}" >&2
 }
 
-# handle git-remote-helpers protocol
-gcrypt_main_loop()
+setup()
 {
-	local input_= input_inner= r_args= temp_key=
-
-	NAME=$1  # Remote name
-	URL=$2   # Remote URL
-
 	mkdir -p "$Localdir"
 
 	# Set up a subdirectory in /tmp
@@ -797,6 +797,17 @@
 	trap 'exit 1' 1 2 3 15
 
 	echo_info "Development version -- Repository format MAY CHANGE"
+}
+
+# handle git-remote-helpers protocol
+gcrypt_main_loop()
+{
+	local input_= input_inner= r_args= temp_key=
+
+	NAME=$1  # Remote name
+	URL=$2   # Remote URL
+
+	setup
 
 	while read input_
 	do
@@ -848,4 +859,16 @@
 	done
 }
 
-gcrypt_main_loop "$@"
+if [ "x$1" = x--check ]
+then
+	NAME=dummy-gcrypt-check
+	URL=$2
+	setup
+	ensure_connected
+	if iseq "$Did_find_repo" "no"
+	then
+		exit 100
+	fi
+else
+	gcrypt_main_loop "$@"
+fi