diff -rU3 cacert.orig/pages/gpg/0.php cacert/pages/gpg/0.php
--- cacert.orig/pages/gpg/0.php	2007-01-30 15:08:15.000000000 +0100
+++ cacert/pages/gpg/0.php	2007-07-18 13:55:10.000000000 +0200
@@ -20,3 +20,11 @@
 <input type="submit" name="process" value="<?=_("Submit")?>">
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
+
+<p><?=_("Alternatively, you can upload a file containing your key.")?></p>
+<p><?=_("DO NOT upload your complete keyring!")?></p>
+<form method="post" action="gpg.php" enctype="multipart/form-data">
+<input type="file" name="CSRfile">
+<input type="submit" name="process" value="<?=_("Submit")?>">
+<input type="hidden" name="oldid" value="<?=$id?>">
+</form>
diff -rU3 cacert.orig/www/gpg.php cacert/www/gpg.php
--- cacert.orig/www/gpg.php	2007-02-07 16:51:20.000000000 +0100
+++ cacert/www/gpg.php	2007-07-18 14:41:12.000000000 +0200
@@ -28,7 +28,7 @@
 
 	if($oldid == "0")
 	{
-		if($_REQUEST['process'] == _("Submit") && $_REQUEST['CSR'] == "")
+		if($_REQUEST['process'] == _("Submit") && $_REQUEST['CSR'] == "" && $_FILES['CSRfile']['tmp_name'] == "")
 		{
 			$_SESSION['_config']['errmsg'] = _("You failed to paste a valid GPG/PGP key.");
 			$id = $oldid;
@@ -38,10 +38,17 @@
 
 	$keyid="";
 
-	if($oldid == "0" && $_REQUEST['CSR'] != "")
+	if($oldid == "0" && ($_REQUEST['CSR'] != ""
+			     || $_FILES['CSRfile']['tmp_name'] != ""))
 	{
-		$debugkey = $gpgkey = clean_csr(stripslashes($_REQUEST['CSR']));
-		$debugpg = $gpg = mysql_real_escape_string(trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`));
+		if ($_REQUEST['CSR'] != "") {
+			$debugkey = $gpgkey = clean_csr(stripslashes($_REQUEST['CSR']));
+			$debugpg = $gpg = mysql_real_escape_string(trim(`echo "$gpgkey"|gpg --with-colons --homedir /tmp 2>&1`));
+		} else {
+			$debugkey = $gpgkey = $_FILES['CSRfile']['tmp_name'];
+			$debugpg = $gpg = mysql_real_escape_string(trim(`gpg --with-colons --homedir /tmp 2>&1 "$gpgkey"`));
+			echo "<pre>\n$gpgkey\n$gpg\n</pre>";
+		}
 		$lines = "";
 		$gpgarr = explode("\n", $gpg);
 		foreach($gpgarr as $line)
@@ -140,9 +147,13 @@
 			unset($oldid);
 			$do = `echo "$debugkey\n--\n$debugpg\n--" >> /www/tmp/gpg.debug`;
 		}
+		if ($oldid != "0" && $_FILES['CSRfile']['tmp_name'] != "") {
+			unlink($_FILES['CSRfile']['tmp_name']);
+		}
  	}
 
-	if($oldid == "0" && $_REQUEST['CSR'] != "")
+	if($oldid == "0" && ($_REQUEST['CSR'] != ""
+			     || $_FILES['CSRfile']['tmp_name'] != ""))
 	{
 		$query = "insert into `gpg` set `memid`='".$_SESSION['profile']['id']."',
 						`email`='".mysql_real_escape_string($emailaddies['0'])."',
@@ -156,12 +167,15 @@
 		$cwd = '/tmp/gpgspace'.$id;
 		mkdir($cwd,0755);
 
-		$fp = fopen("$cwd/gpg.csr", "w");
-		fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
-		fclose($fp);
-
-
-		system("gpg --homedir $cwd --import $cwd/gpg.csr");
+		if ($_REQUEST['CSR'] != "") {
+			$fp = fopen("$cwd/gpg.csr", "w");
+			fputs($fp, clean_csr(stripslashes($_REQUEST['CSR'])));
+			fclose($fp);
+			system("gpg --homedir $cwd --import $cwd/gpg.csr");
+		} else {
+			system("gpg --homedir $cwd --import \"$gpgkey\"");
+			unlink($_FILES['CSRfile']['tmp_name']);
+		}
 
 		$descriptorspec = array(
 			0 => array("pipe", "r"),  // stdin is a pipe that the child will read from