From 5cc1167510854761bbea29d2ded5865ba5e900ef Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 6 Dec 2021 15:10:47 +0800
Subject: [PATCH 1/9] Move keys to models/keys

---
 cmd/admin.go                                  |   3 +-
 cmd/migrate_storage.go                        |   2 +-
 cmd/serv.go                                   |   5 +-
 .../doc/advanced/config-cheat-sheet.en-us.md  |   2 +-
 integrations/api_admin_test.go                |   6 +-
 integrations/api_keys_test.go                 |   8 +-
 integrations/api_private_serv_test.go         |   8 +-
 models/commit.go                              |   8 +-
 models/commit_status.go                       |   5 +-
 models/db/error.go                            |  13 +
 models/error.go                               | 261 ------------------
 models/keys/error.go                          | 248 +++++++++++++++++
 models/{ => keys}/gpg_key.go                  |  11 +-
 models/{ => keys}/gpg_key_add.go              |   2 +-
 .../{ => keys}/gpg_key_commit_verification.go |  65 ++++-
 models/{ => keys}/gpg_key_common.go           |   2 +-
 models/{ => keys}/gpg_key_import.go           |   2 +-
 models/{ => keys}/gpg_key_test.go             |   2 +-
 models/{ => keys}/gpg_key_verify.go           |   2 +-
 models/{ => keys}/ssh_key.go                  |  45 +--
 models/{ => keys}/ssh_key_authorized_keys.go  |   8 +-
 .../ssh_key_authorized_principals.go          |   2 +-
 models/{ => keys}/ssh_key_deploy.go           |  18 +-
 models/{ => keys}/ssh_key_fingerprint.go      |   2 +-
 models/{ => keys}/ssh_key_parse.go            |   5 +-
 models/{ => keys}/ssh_key_principals.go       |   4 +-
 models/{ => keys}/ssh_key_test.go             |   2 +-
 models/pull_sign.go                           |  11 +-
 models/repo.go                                | 182 +++++++++++-
 models/repo_sign.go                           |  62 ++++-
 models/statistic.go                           |   6 +
 models/user.go                                |   9 +-
 models/user_test.go                           |  69 -----
 modules/convert/convert.go                    |  13 +-
 modules/doctor/authorizedkeys.go              |   8 +-
 modules/gitgraph/graph_models.go              |   9 +-
 modules/private/serv.go                       |   8 +-
 modules/ssh/ssh.go                            |  10 +-
 routers/api/v1/admin/user.go                  |   8 +-
 routers/api/v1/repo/key.go                    |  37 ++-
 routers/api/v1/repo/repo.go                   |   7 +-
 routers/api/v1/user/gpg_key.go                |  52 ++--
 routers/api/v1/user/key.go                    |  35 +--
 routers/init.go                               |   3 +-
 routers/private/hook_verification.go          |   4 +-
 routers/private/key.go                        |  12 +-
 routers/private/serv.go                       |  23 +-
 routers/web/admin/repos.go                    |   2 +-
 routers/web/repo/commit.go                    |   7 +-
 routers/web/repo/repo.go                      |   5 +
 routers/web/repo/setting.go                   |  30 +-
 routers/web/repo/settings_test.go             |   5 +-
 routers/web/repo/view.go                      |   7 +-
 routers/web/user/home.go                      |   9 +-
 routers/web/user/setting/keys.go              |  79 +++---
 .../auth/source/ldap/source_authenticate.go   |  10 +-
 services/auth/source/ldap/source_sync.go      |  10 +-
 services/cron/tasks_extended.go               |   5 +-
 services/keys/deploy_key.go                   |  30 ++
 services/keys/main_test.go                    |  16 ++
 services/keys/ssh_key.go                      |  49 ++++
 services/keys/ssh_key_test.go                 |  83 ++++++
 services/repository/files/commit.go           |   3 +-
 services/repository/repository.go             |  10 +-
 services/user/user.go                         |  12 +-
 65 files changed, 1040 insertions(+), 641 deletions(-)
 create mode 100644 models/keys/error.go
 rename models/{ => keys}/gpg_key.go (95%)
 rename models/{ => keys}/gpg_key_add.go (99%)
 rename models/{ => keys}/gpg_key_commit_verification.go (89%)
 rename models/{ => keys}/gpg_key_common.go (99%)
 rename models/{ => keys}/gpg_key_import.go (98%)
 rename models/{ => keys}/gpg_key_test.go (99%)
 rename models/{ => keys}/gpg_key_verify.go (99%)
 rename models/{ => keys}/ssh_key.go (93%)
 rename models/{ => keys}/ssh_key_authorized_keys.go (97%)
 rename models/{ => keys}/ssh_key_authorized_principals.go (99%)
 rename models/{ => keys}/ssh_key_deploy.go (94%)
 rename models/{ => keys}/ssh_key_fingerprint.go (99%)
 rename models/{ => keys}/ssh_key_parse.go (99%)
 rename models/{ => keys}/ssh_key_principals.go (98%)
 rename models/{ => keys}/ssh_key_test.go (99%)
 create mode 100644 services/keys/deploy_key.go
 create mode 100644 services/keys/main_test.go
 create mode 100644 services/keys/ssh_key.go
 create mode 100644 services/keys/ssh_key_test.go

diff --git a/cmd/admin.go b/cmd/admin.go
index d11b824fa12ea..e382c68e68e0f 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -15,6 +15,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
@@ -625,7 +626,7 @@ func runRegenerateKeys(_ *cli.Context) error {
 	if err := initDB(ctx); err != nil {
 		return err
 	}
-	return models.RewriteAllPublicKeys()
+	return keys_model.RewriteAllPublicKeys()
 }
 
 func parseOAuth2Config(c *cli.Context) *oauth2.Source {
diff --git a/cmd/migrate_storage.go b/cmd/migrate_storage.go
index fb4b8dcd9a3be..f9770d50e74c8 100644
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -102,7 +102,7 @@ func migrateAvatars(dstStorage storage.ObjectStorage) error {
 }
 
 func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
-	return models.IterateRepository(func(repo *repo_model.Repository) error {
+	return repo_model.IterateRepository(func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
diff --git a/cmd/serv.go b/cmd/serv.go
index e34e300cbe438..9c7c5e4302473 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -17,6 +17,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
@@ -129,9 +130,9 @@ func runServ(c *cli.Context) error {
 			return fail("Internal error", "Failed to check provided key: %v", err)
 		}
 		switch key.Type {
-		case models.KeyTypeDeploy:
+		case keys_model.KeyTypeDeploy:
 			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
-		case models.KeyTypePrincipal:
+		case keys_model.KeyTypePrincipal:
 			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Gitea does not provide shell access.")
 		default:
 			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index bb2eb1c8caf9f..61e53e17d9267 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -277,7 +277,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** or **username, email**: \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set.
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
-- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models.PublicKey` and the others are strings which are shellquoted.
+- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `keys_model.PublicKey` and the others are strings which are shellquoted.
 - `SSH_SERVER_CIPHERS`: **aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_KEY_EXCHANGES`: **diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go
index 98270ed587599..98971319caff7 100644
--- a/integrations/api_admin_test.go
+++ b/integrations/api_admin_test.go
@@ -9,7 +9,7 @@ import (
 	"net/http"
 	"testing"
 
-	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/json"
@@ -34,7 +34,7 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
 
 	var newPublicKey api.PublicKey
 	DecodeJSON(t, resp, &newPublicKey)
-	unittest.AssertExistsAndLoadBean(t, &models.PublicKey{
+	unittest.AssertExistsAndLoadBean(t, &keys_model.PublicKey{
 		ID:          newPublicKey.ID,
 		Name:        newPublicKey.Title,
 		Content:     newPublicKey.Key,
@@ -45,7 +45,7 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",
 		keyOwner.Name, newPublicKey.ID, token)
 	session.MakeRequest(t, req, http.StatusNoContent)
-	unittest.AssertNotExistsBean(t, &models.PublicKey{ID: newPublicKey.ID})
+	unittest.AssertNotExistsBean(t, &keys_model.PublicKey{ID: newPublicKey.ID})
 }
 
 func TestAPIAdminDeleteMissingSSHKey(t *testing.T) {
diff --git a/integrations/api_keys_test.go b/integrations/api_keys_test.go
index 5fbd51318fa03..854436ec74ebb 100644
--- a/integrations/api_keys_test.go
+++ b/integrations/api_keys_test.go
@@ -10,7 +10,7 @@ import (
 	"net/url"
 	"testing"
 
-	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
@@ -65,7 +65,7 @@ func TestCreateReadOnlyDeployKey(t *testing.T) {
 
 	var newDeployKey api.DeployKey
 	DecodeJSON(t, resp, &newDeployKey)
-	unittest.AssertExistsAndLoadBean(t, &models.DeployKey{
+	unittest.AssertExistsAndLoadBean(t, &keys_model.DeployKey{
 		ID:      newDeployKey.ID,
 		Name:    rawKeyBody.Title,
 		Content: rawKeyBody.Key,
@@ -90,7 +90,7 @@ func TestCreateReadWriteDeployKey(t *testing.T) {
 
 	var newDeployKey api.DeployKey
 	DecodeJSON(t, resp, &newDeployKey)
-	unittest.AssertExistsAndLoadBean(t, &models.DeployKey{
+	unittest.AssertExistsAndLoadBean(t, &keys_model.DeployKey{
 		ID:      newDeployKey.ID,
 		Name:    rawKeyBody.Title,
 		Content: rawKeyBody.Key,
@@ -116,7 +116,7 @@ func TestCreateUserKey(t *testing.T) {
 
 	var newPublicKey api.PublicKey
 	DecodeJSON(t, resp, &newPublicKey)
-	unittest.AssertExistsAndLoadBean(t, &models.PublicKey{
+	unittest.AssertExistsAndLoadBean(t, &keys_model.PublicKey{
 		ID:      newPublicKey.ID,
 		OwnerID: user.ID,
 		Name:    rawKeyBody.Title,
diff --git a/integrations/api_private_serv_test.go b/integrations/api_private_serv_test.go
index 388e5da00d97f..5294f801f7505 100644
--- a/integrations/api_private_serv_test.go
+++ b/integrations/api_private_serv_test.go
@@ -9,7 +9,7 @@ import (
 	"net/url"
 	"testing"
 
-	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/private"
 
@@ -27,7 +27,7 @@ func TestAPIPrivateNoServ(t *testing.T) {
 		assert.Equal(t, int64(1), key.ID)
 		assert.Equal(t, "user2@localhost", key.Name)
 
-		deployKey, err := models.AddDeployKey(1, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
+		deployKey, err := keys_model.AddDeployKey(1, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
 		assert.NoError(t, err)
 
 		key, user, err = private.ServNoCommand(ctx, deployKey.KeyID)
@@ -85,7 +85,7 @@ func TestAPIPrivateServ(t *testing.T) {
 		assert.Empty(t, results)
 
 		// Add reading deploy key
-		deployKey, err := models.AddDeployKey(19, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", true)
+		deployKey, err := keys_model.AddDeployKey(19, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", true)
 		assert.NoError(t, err)
 
 		// Can pull from repo we're a deploy key for
@@ -117,7 +117,7 @@ func TestAPIPrivateServ(t *testing.T) {
 		assert.Empty(t, results)
 
 		// Add writing deploy key
-		deployKey, err = models.AddDeployKey(20, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
+		deployKey, err = keys_model.AddDeployKey(20, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
 		assert.NoError(t, err)
 
 		// Cannot push to a private repo with reading key
diff --git a/models/commit.go b/models/commit.go
index 8de71da1b3fa4..b8034d8230611 100644
--- a/models/commit.go
+++ b/models/commit.go
@@ -5,6 +5,7 @@
 package models
 
 import (
+	"code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
@@ -13,9 +14,12 @@ import (
 // ConvertFromGitCommit converts git commits into SignCommitWithStatuses
 func ConvertFromGitCommit(commits []*git.Commit, repo *repo_model.Repository) []*SignCommitWithStatuses {
 	return ParseCommitsWithStatus(
-		ParseCommitsWithSignature(
+		keys.ParseCommitsWithSignature(
 			user_model.ValidateCommitsWithEmails(commits),
-			repo,
+			repo.GetTrustModel(),
+			func(user *user_model.User) (bool, error) {
+				return IsUserRepoAdmin(repo, user)
+			},
 		),
 		repo,
 	)
diff --git a/models/commit_status.go b/models/commit_status.go
index e0942d2028ca5..317cf853e0bf0 100644
--- a/models/commit_status.go
+++ b/models/commit_status.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
@@ -328,11 +329,11 @@ func NewCommitStatus(opts NewCommitStatusOptions) error {
 type SignCommitWithStatuses struct {
 	Status   *CommitStatus
 	Statuses []*CommitStatus
-	*SignCommit
+	*keys.SignCommit
 }
 
 // ParseCommitsWithStatus checks commits latest statuses and calculates its worst status state
-func ParseCommitsWithStatus(oldCommits []*SignCommit, repo *repo_model.Repository) []*SignCommitWithStatuses {
+func ParseCommitsWithStatus(oldCommits []*keys.SignCommit, repo *repo_model.Repository) []*SignCommitWithStatuses {
 	newCommits := make([]*SignCommitWithStatuses, 0, len(oldCommits))
 
 	for _, c := range oldCommits {
diff --git a/models/db/error.go b/models/db/error.go
index adaeedcc0949e..f20cc9b4cb71e 100644
--- a/models/db/error.go
+++ b/models/db/error.go
@@ -29,3 +29,16 @@ func ErrCancelledf(format string, args ...interface{}) error {
 		fmt.Sprintf(format, args...),
 	}
 }
+
+// ErrSSHDisabled represents an "SSH disabled" error.
+type ErrSSHDisabled struct{}
+
+// IsErrSSHDisabled checks if an error is a ErrSSHDisabled.
+func IsErrSSHDisabled(err error) bool {
+	_, ok := err.(ErrSSHDisabled)
+	return ok
+}
+
+func (err ErrSSHDisabled) Error() string {
+	return "SSH is disabled"
+}
diff --git a/models/error.go b/models/error.go
index 20ed7f90e1d59..95646049e2cc8 100644
--- a/models/error.go
+++ b/models/error.go
@@ -28,19 +28,6 @@ func (err ErrNotExist) Error() string {
 	return fmt.Sprintf("record does not exist [id: %d]", err.ID)
 }
 
-// ErrSSHDisabled represents an "SSH disabled" error.
-type ErrSSHDisabled struct{}
-
-// IsErrSSHDisabled checks if an error is a ErrSSHDisabled.
-func IsErrSSHDisabled(err error) bool {
-	_, ok := err.(ErrSSHDisabled)
-	return ok
-}
-
-func (err ErrSSHDisabled) Error() string {
-	return "SSH is disabled"
-}
-
 // ErrUserOwnRepos represents a "UserOwnRepos" kind of error.
 type ErrUserOwnRepos struct {
 	UID int64
@@ -151,254 +138,6 @@ func (err ErrWikiInvalidFileName) Error() string {
 	return fmt.Sprintf("Invalid wiki filename: %s", err.FileName)
 }
 
-// __________     ___.   .__  .__          ____  __.
-// \______   \__ _\_ |__ |  | |__| ____   |    |/ _|____ ___.__.
-//  |     ___/  |  \ __ \|  | |  |/ ___\  |      <_/ __ <   |  |
-//  |    |   |  |  / \_\ \  |_|  \  \___  |    |  \  ___/\___  |
-//  |____|   |____/|___  /____/__|\___  > |____|__ \___  > ____|
-//                     \/             \/          \/   \/\/
-
-// ErrKeyUnableVerify represents a "KeyUnableVerify" kind of error.
-type ErrKeyUnableVerify struct {
-	Result string
-}
-
-// IsErrKeyUnableVerify checks if an error is a ErrKeyUnableVerify.
-func IsErrKeyUnableVerify(err error) bool {
-	_, ok := err.(ErrKeyUnableVerify)
-	return ok
-}
-
-func (err ErrKeyUnableVerify) Error() string {
-	return fmt.Sprintf("Unable to verify key content [result: %s]", err.Result)
-}
-
-// ErrKeyNotExist represents a "KeyNotExist" kind of error.
-type ErrKeyNotExist struct {
-	ID int64
-}
-
-// IsErrKeyNotExist checks if an error is a ErrKeyNotExist.
-func IsErrKeyNotExist(err error) bool {
-	_, ok := err.(ErrKeyNotExist)
-	return ok
-}
-
-func (err ErrKeyNotExist) Error() string {
-	return fmt.Sprintf("public key does not exist [id: %d]", err.ID)
-}
-
-// ErrKeyAlreadyExist represents a "KeyAlreadyExist" kind of error.
-type ErrKeyAlreadyExist struct {
-	OwnerID     int64
-	Fingerprint string
-	Content     string
-}
-
-// IsErrKeyAlreadyExist checks if an error is a ErrKeyAlreadyExist.
-func IsErrKeyAlreadyExist(err error) bool {
-	_, ok := err.(ErrKeyAlreadyExist)
-	return ok
-}
-
-func (err ErrKeyAlreadyExist) Error() string {
-	return fmt.Sprintf("public key already exists [owner_id: %d, finger_print: %s, content: %s]",
-		err.OwnerID, err.Fingerprint, err.Content)
-}
-
-// ErrKeyNameAlreadyUsed represents a "KeyNameAlreadyUsed" kind of error.
-type ErrKeyNameAlreadyUsed struct {
-	OwnerID int64
-	Name    string
-}
-
-// IsErrKeyNameAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.
-func IsErrKeyNameAlreadyUsed(err error) bool {
-	_, ok := err.(ErrKeyNameAlreadyUsed)
-	return ok
-}
-
-func (err ErrKeyNameAlreadyUsed) Error() string {
-	return fmt.Sprintf("public key already exists [owner_id: %d, name: %s]", err.OwnerID, err.Name)
-}
-
-// ErrGPGNoEmailFound represents a "ErrGPGNoEmailFound" kind of error.
-type ErrGPGNoEmailFound struct {
-	FailedEmails []string
-	ID           string
-}
-
-// IsErrGPGNoEmailFound checks if an error is a ErrGPGNoEmailFound.
-func IsErrGPGNoEmailFound(err error) bool {
-	_, ok := err.(ErrGPGNoEmailFound)
-	return ok
-}
-
-func (err ErrGPGNoEmailFound) Error() string {
-	return fmt.Sprintf("none of the emails attached to the GPG key could be found: %v", err.FailedEmails)
-}
-
-// ErrGPGInvalidTokenSignature represents a "ErrGPGInvalidTokenSignature" kind of error.
-type ErrGPGInvalidTokenSignature struct {
-	Wrapped error
-	ID      string
-}
-
-// IsErrGPGInvalidTokenSignature checks if an error is a ErrGPGInvalidTokenSignature.
-func IsErrGPGInvalidTokenSignature(err error) bool {
-	_, ok := err.(ErrGPGInvalidTokenSignature)
-	return ok
-}
-
-func (err ErrGPGInvalidTokenSignature) Error() string {
-	return "the provided signature does not sign the token with the provided key"
-}
-
-// ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error.
-type ErrGPGKeyParsing struct {
-	ParseError error
-}
-
-// IsErrGPGKeyParsing checks if an error is a ErrGPGKeyParsing.
-func IsErrGPGKeyParsing(err error) bool {
-	_, ok := err.(ErrGPGKeyParsing)
-	return ok
-}
-
-func (err ErrGPGKeyParsing) Error() string {
-	return fmt.Sprintf("failed to parse gpg key %s", err.ParseError.Error())
-}
-
-// ErrGPGKeyNotExist represents a "GPGKeyNotExist" kind of error.
-type ErrGPGKeyNotExist struct {
-	ID int64
-}
-
-// IsErrGPGKeyNotExist checks if an error is a ErrGPGKeyNotExist.
-func IsErrGPGKeyNotExist(err error) bool {
-	_, ok := err.(ErrGPGKeyNotExist)
-	return ok
-}
-
-func (err ErrGPGKeyNotExist) Error() string {
-	return fmt.Sprintf("public gpg key does not exist [id: %d]", err.ID)
-}
-
-// ErrGPGKeyImportNotExist represents a "GPGKeyImportNotExist" kind of error.
-type ErrGPGKeyImportNotExist struct {
-	ID string
-}
-
-// IsErrGPGKeyImportNotExist checks if an error is a ErrGPGKeyImportNotExist.
-func IsErrGPGKeyImportNotExist(err error) bool {
-	_, ok := err.(ErrGPGKeyImportNotExist)
-	return ok
-}
-
-func (err ErrGPGKeyImportNotExist) Error() string {
-	return fmt.Sprintf("public gpg key import does not exist [id: %s]", err.ID)
-}
-
-// ErrGPGKeyIDAlreadyUsed represents a "GPGKeyIDAlreadyUsed" kind of error.
-type ErrGPGKeyIDAlreadyUsed struct {
-	KeyID string
-}
-
-// IsErrGPGKeyIDAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.
-func IsErrGPGKeyIDAlreadyUsed(err error) bool {
-	_, ok := err.(ErrGPGKeyIDAlreadyUsed)
-	return ok
-}
-
-func (err ErrGPGKeyIDAlreadyUsed) Error() string {
-	return fmt.Sprintf("public key already exists [key_id: %s]", err.KeyID)
-}
-
-// ErrGPGKeyAccessDenied represents a "GPGKeyAccessDenied" kind of Error.
-type ErrGPGKeyAccessDenied struct {
-	UserID int64
-	KeyID  int64
-}
-
-// IsErrGPGKeyAccessDenied checks if an error is a ErrGPGKeyAccessDenied.
-func IsErrGPGKeyAccessDenied(err error) bool {
-	_, ok := err.(ErrGPGKeyAccessDenied)
-	return ok
-}
-
-// Error pretty-prints an error of type ErrGPGKeyAccessDenied.
-func (err ErrGPGKeyAccessDenied) Error() string {
-	return fmt.Sprintf("user does not have access to the key [user_id: %d, key_id: %d]",
-		err.UserID, err.KeyID)
-}
-
-// ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error.
-type ErrKeyAccessDenied struct {
-	UserID int64
-	KeyID  int64
-	Note   string
-}
-
-// IsErrKeyAccessDenied checks if an error is a ErrKeyAccessDenied.
-func IsErrKeyAccessDenied(err error) bool {
-	_, ok := err.(ErrKeyAccessDenied)
-	return ok
-}
-
-func (err ErrKeyAccessDenied) Error() string {
-	return fmt.Sprintf("user does not have access to the key [user_id: %d, key_id: %d, note: %s]",
-		err.UserID, err.KeyID, err.Note)
-}
-
-// ErrDeployKeyNotExist represents a "DeployKeyNotExist" kind of error.
-type ErrDeployKeyNotExist struct {
-	ID     int64
-	KeyID  int64
-	RepoID int64
-}
-
-// IsErrDeployKeyNotExist checks if an error is a ErrDeployKeyNotExist.
-func IsErrDeployKeyNotExist(err error) bool {
-	_, ok := err.(ErrDeployKeyNotExist)
-	return ok
-}
-
-func (err ErrDeployKeyNotExist) Error() string {
-	return fmt.Sprintf("Deploy key does not exist [id: %d, key_id: %d, repo_id: %d]", err.ID, err.KeyID, err.RepoID)
-}
-
-// ErrDeployKeyAlreadyExist represents a "DeployKeyAlreadyExist" kind of error.
-type ErrDeployKeyAlreadyExist struct {
-	KeyID  int64
-	RepoID int64
-}
-
-// IsErrDeployKeyAlreadyExist checks if an error is a ErrDeployKeyAlreadyExist.
-func IsErrDeployKeyAlreadyExist(err error) bool {
-	_, ok := err.(ErrDeployKeyAlreadyExist)
-	return ok
-}
-
-func (err ErrDeployKeyAlreadyExist) Error() string {
-	return fmt.Sprintf("public key already exists [key_id: %d, repo_id: %d]", err.KeyID, err.RepoID)
-}
-
-// ErrDeployKeyNameAlreadyUsed represents a "DeployKeyNameAlreadyUsed" kind of error.
-type ErrDeployKeyNameAlreadyUsed struct {
-	RepoID int64
-	Name   string
-}
-
-// IsErrDeployKeyNameAlreadyUsed checks if an error is a ErrDeployKeyNameAlreadyUsed.
-func IsErrDeployKeyNameAlreadyUsed(err error) bool {
-	_, ok := err.(ErrDeployKeyNameAlreadyUsed)
-	return ok
-}
-
-func (err ErrDeployKeyNameAlreadyUsed) Error() string {
-	return fmt.Sprintf("public key with name already exists [repo_id: %d, name: %s]", err.RepoID, err.Name)
-}
-
 //    _____                                   ___________     __
 //   /  _  \   ____  ____  ____   ______ _____\__    ___/___ |  | __ ____   ____
 //  /  /_\  \_/ ___\/ ___\/ __ \ /  ___//  ___/ |    | /  _ \|  |/ // __ \ /    \
diff --git a/models/keys/error.go b/models/keys/error.go
new file mode 100644
index 0000000000000..5755ecc22688d
--- /dev/null
+++ b/models/keys/error.go
@@ -0,0 +1,248 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package keys
+
+import "fmt"
+
+// ErrKeyUnableVerify represents a "KeyUnableVerify" kind of error.
+type ErrKeyUnableVerify struct {
+	Result string
+}
+
+// IsErrKeyUnableVerify checks if an error is a ErrKeyUnableVerify.
+func IsErrKeyUnableVerify(err error) bool {
+	_, ok := err.(ErrKeyUnableVerify)
+	return ok
+}
+
+func (err ErrKeyUnableVerify) Error() string {
+	return fmt.Sprintf("Unable to verify key content [result: %s]", err.Result)
+}
+
+// ErrKeyNotExist represents a "KeyNotExist" kind of error.
+type ErrKeyNotExist struct {
+	ID int64
+}
+
+// IsErrKeyNotExist checks if an error is a ErrKeyNotExist.
+func IsErrKeyNotExist(err error) bool {
+	_, ok := err.(ErrKeyNotExist)
+	return ok
+}
+
+func (err ErrKeyNotExist) Error() string {
+	return fmt.Sprintf("public key does not exist [id: %d]", err.ID)
+}
+
+// ErrKeyAlreadyExist represents a "KeyAlreadyExist" kind of error.
+type ErrKeyAlreadyExist struct {
+	OwnerID     int64
+	Fingerprint string
+	Content     string
+}
+
+// IsErrKeyAlreadyExist checks if an error is a ErrKeyAlreadyExist.
+func IsErrKeyAlreadyExist(err error) bool {
+	_, ok := err.(ErrKeyAlreadyExist)
+	return ok
+}
+
+func (err ErrKeyAlreadyExist) Error() string {
+	return fmt.Sprintf("public key already exists [owner_id: %d, finger_print: %s, content: %s]",
+		err.OwnerID, err.Fingerprint, err.Content)
+}
+
+// ErrKeyNameAlreadyUsed represents a "KeyNameAlreadyUsed" kind of error.
+type ErrKeyNameAlreadyUsed struct {
+	OwnerID int64
+	Name    string
+}
+
+// IsErrKeyNameAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.
+func IsErrKeyNameAlreadyUsed(err error) bool {
+	_, ok := err.(ErrKeyNameAlreadyUsed)
+	return ok
+}
+
+func (err ErrKeyNameAlreadyUsed) Error() string {
+	return fmt.Sprintf("public key already exists [owner_id: %d, name: %s]", err.OwnerID, err.Name)
+}
+
+// ErrGPGNoEmailFound represents a "ErrGPGNoEmailFound" kind of error.
+type ErrGPGNoEmailFound struct {
+	FailedEmails []string
+	ID           string
+}
+
+// IsErrGPGNoEmailFound checks if an error is a ErrGPGNoEmailFound.
+func IsErrGPGNoEmailFound(err error) bool {
+	_, ok := err.(ErrGPGNoEmailFound)
+	return ok
+}
+
+func (err ErrGPGNoEmailFound) Error() string {
+	return fmt.Sprintf("none of the emails attached to the GPG key could be found: %v", err.FailedEmails)
+}
+
+// ErrGPGInvalidTokenSignature represents a "ErrGPGInvalidTokenSignature" kind of error.
+type ErrGPGInvalidTokenSignature struct {
+	Wrapped error
+	ID      string
+}
+
+// IsErrGPGInvalidTokenSignature checks if an error is a ErrGPGInvalidTokenSignature.
+func IsErrGPGInvalidTokenSignature(err error) bool {
+	_, ok := err.(ErrGPGInvalidTokenSignature)
+	return ok
+}
+
+func (err ErrGPGInvalidTokenSignature) Error() string {
+	return "the provided signature does not sign the token with the provided key"
+}
+
+// ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error.
+type ErrGPGKeyParsing struct {
+	ParseError error
+}
+
+// IsErrGPGKeyParsing checks if an error is a ErrGPGKeyParsing.
+func IsErrGPGKeyParsing(err error) bool {
+	_, ok := err.(ErrGPGKeyParsing)
+	return ok
+}
+
+func (err ErrGPGKeyParsing) Error() string {
+	return fmt.Sprintf("failed to parse gpg key %s", err.ParseError.Error())
+}
+
+// ErrGPGKeyNotExist represents a "GPGKeyNotExist" kind of error.
+type ErrGPGKeyNotExist struct {
+	ID int64
+}
+
+// IsErrGPGKeyNotExist checks if an error is a ErrGPGKeyNotExist.
+func IsErrGPGKeyNotExist(err error) bool {
+	_, ok := err.(ErrGPGKeyNotExist)
+	return ok
+}
+
+func (err ErrGPGKeyNotExist) Error() string {
+	return fmt.Sprintf("public gpg key does not exist [id: %d]", err.ID)
+}
+
+// ErrGPGKeyImportNotExist represents a "GPGKeyImportNotExist" kind of error.
+type ErrGPGKeyImportNotExist struct {
+	ID string
+}
+
+// IsErrGPGKeyImportNotExist checks if an error is a ErrGPGKeyImportNotExist.
+func IsErrGPGKeyImportNotExist(err error) bool {
+	_, ok := err.(ErrGPGKeyImportNotExist)
+	return ok
+}
+
+func (err ErrGPGKeyImportNotExist) Error() string {
+	return fmt.Sprintf("public gpg key import does not exist [id: %s]", err.ID)
+}
+
+// ErrGPGKeyIDAlreadyUsed represents a "GPGKeyIDAlreadyUsed" kind of error.
+type ErrGPGKeyIDAlreadyUsed struct {
+	KeyID string
+}
+
+// IsErrGPGKeyIDAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.
+func IsErrGPGKeyIDAlreadyUsed(err error) bool {
+	_, ok := err.(ErrGPGKeyIDAlreadyUsed)
+	return ok
+}
+
+func (err ErrGPGKeyIDAlreadyUsed) Error() string {
+	return fmt.Sprintf("public key already exists [key_id: %s]", err.KeyID)
+}
+
+// ErrGPGKeyAccessDenied represents a "GPGKeyAccessDenied" kind of Error.
+type ErrGPGKeyAccessDenied struct {
+	UserID int64
+	KeyID  int64
+}
+
+// IsErrGPGKeyAccessDenied checks if an error is a ErrGPGKeyAccessDenied.
+func IsErrGPGKeyAccessDenied(err error) bool {
+	_, ok := err.(ErrGPGKeyAccessDenied)
+	return ok
+}
+
+// Error pretty-prints an error of type ErrGPGKeyAccessDenied.
+func (err ErrGPGKeyAccessDenied) Error() string {
+	return fmt.Sprintf("user does not have access to the key [user_id: %d, key_id: %d]",
+		err.UserID, err.KeyID)
+}
+
+// ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error.
+type ErrKeyAccessDenied struct {
+	UserID int64
+	KeyID  int64
+	Note   string
+}
+
+// IsErrKeyAccessDenied checks if an error is a ErrKeyAccessDenied.
+func IsErrKeyAccessDenied(err error) bool {
+	_, ok := err.(ErrKeyAccessDenied)
+	return ok
+}
+
+func (err ErrKeyAccessDenied) Error() string {
+	return fmt.Sprintf("user does not have access to the key [user_id: %d, key_id: %d, note: %s]",
+		err.UserID, err.KeyID, err.Note)
+}
+
+// ErrDeployKeyNotExist represents a "DeployKeyNotExist" kind of error.
+type ErrDeployKeyNotExist struct {
+	ID     int64
+	KeyID  int64
+	RepoID int64
+}
+
+// IsErrDeployKeyNotExist checks if an error is a ErrDeployKeyNotExist.
+func IsErrDeployKeyNotExist(err error) bool {
+	_, ok := err.(ErrDeployKeyNotExist)
+	return ok
+}
+
+func (err ErrDeployKeyNotExist) Error() string {
+	return fmt.Sprintf("Deploy key does not exist [id: %d, key_id: %d, repo_id: %d]", err.ID, err.KeyID, err.RepoID)
+}
+
+// ErrDeployKeyAlreadyExist represents a "DeployKeyAlreadyExist" kind of error.
+type ErrDeployKeyAlreadyExist struct {
+	KeyID  int64
+	RepoID int64
+}
+
+// IsErrDeployKeyAlreadyExist checks if an error is a ErrDeployKeyAlreadyExist.
+func IsErrDeployKeyAlreadyExist(err error) bool {
+	_, ok := err.(ErrDeployKeyAlreadyExist)
+	return ok
+}
+
+func (err ErrDeployKeyAlreadyExist) Error() string {
+	return fmt.Sprintf("public key already exists [key_id: %d, repo_id: %d]", err.KeyID, err.RepoID)
+}
+
+// ErrDeployKeyNameAlreadyUsed represents a "DeployKeyNameAlreadyUsed" kind of error.
+type ErrDeployKeyNameAlreadyUsed struct {
+	RepoID int64
+	Name   string
+}
+
+// IsErrDeployKeyNameAlreadyUsed checks if an error is a ErrDeployKeyNameAlreadyUsed.
+func IsErrDeployKeyNameAlreadyUsed(err error) bool {
+	_, ok := err.(ErrDeployKeyNameAlreadyUsed)
+	return ok
+}
+
+func (err ErrDeployKeyNameAlreadyUsed) Error() string {
+	return fmt.Sprintf("public key with name already exists [repo_id: %d, name: %s]", err.RepoID, err.Name)
+}
diff --git a/models/gpg_key.go b/models/keys/gpg_key.go
similarity index 95%
rename from models/gpg_key.go
rename to models/keys/gpg_key.go
index ce27a9237ed85..ac5929933e6f1 100644
--- a/models/gpg_key.go
+++ b/models/keys/gpg_key.go
@@ -2,9 +2,10 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
+	"context"
 	"fmt"
 	"strings"
 	"time"
@@ -63,12 +64,8 @@ func (key *GPGKey) AfterLoad(session *xorm.Session) {
 }
 
 // ListGPGKeys returns a list of public keys belongs to given user.
-func ListGPGKeys(uid int64, listOptions db.ListOptions) ([]*GPGKey, error) {
-	return listGPGKeys(db.GetEngine(db.DefaultContext), uid, listOptions)
-}
-
-func listGPGKeys(e db.Engine, uid int64, listOptions db.ListOptions) ([]*GPGKey, error) {
-	sess := e.Table(&GPGKey{}).Where("owner_id=? AND primary_key_id=''", uid)
+func ListGPGKeys(ctx context.Context, uid int64, listOptions db.ListOptions) ([]*GPGKey, error) {
+	sess := db.GetEngine(ctx).Table(&GPGKey{}).Where("owner_id=? AND primary_key_id=''", uid)
 	if listOptions.Page != 0 {
 		sess = db.SetSessionPagination(sess, &listOptions)
 	}
diff --git a/models/gpg_key_add.go b/models/keys/gpg_key_add.go
similarity index 99%
rename from models/gpg_key_add.go
rename to models/keys/gpg_key_add.go
index 711fc86dee5f2..ac449fab9d03e 100644
--- a/models/gpg_key_add.go
+++ b/models/keys/gpg_key_add.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"strings"
diff --git a/models/gpg_key_commit_verification.go b/models/keys/gpg_key_commit_verification.go
similarity index 89%
rename from models/gpg_key_commit_verification.go
rename to models/keys/gpg_key_commit_verification.go
index 48f58c07b651c..6ea0433e99c8d 100644
--- a/models/gpg_key_commit_verification.go
+++ b/models/keys/gpg_key_commit_verification.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"fmt"
@@ -70,7 +70,7 @@ const (
 )
 
 // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.
-func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repository *repo_model.Repository) []*SignCommit {
+func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel TrustModelType, isCodeReader func(*user_model.User) (bool, error)) []*SignCommit {
 	newCommits := make([]*SignCommit, 0, len(oldCommits))
 	keyMap := map[string]bool{}
 
@@ -80,7 +80,7 @@ func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repository *
 			Verification: ParseCommitWithSignature(c.Commit),
 		}
 
-		_ = CalculateTrustStatus(signCommit.Verification, repository, &keyMap)
+		_ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isCodeReader, &keyMap)
 
 		newCommits = append(newCommits, signCommit)
 	}
@@ -159,7 +159,7 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
 
 	// Now try to associate the signature with the committer, if present
 	if committer.ID != 0 {
-		keys, err := ListGPGKeys(committer.ID, db.ListOptions{})
+		keys, err := ListGPGKeys(db.DefaultContext, committer.ID, db.ListOptions{})
 		if err != nil { // Skipping failed to get gpg keys of user
 			log.Error("ListGPGKeys: %v", err)
 			return &CommitVerification{
@@ -447,19 +447,58 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *use
 	}
 }
 
+// TrustModelType defines the types of trust model for this repository
+type TrustModelType int
+
+// kinds of TrustModel
+const (
+	DefaultTrustModel TrustModelType = iota // default trust model
+	CommitterTrustModel
+	CollaboratorTrustModel
+	CollaboratorCommitterTrustModel
+)
+
+// String converts a TrustModelType to a string
+func (t TrustModelType) String() string {
+	switch t {
+	case DefaultTrustModel:
+		return "default"
+	case CommitterTrustModel:
+		return "committer"
+	case CollaboratorTrustModel:
+		return "collaborator"
+	case CollaboratorCommitterTrustModel:
+		return "collaboratorcommitter"
+	}
+	return "default"
+}
+
+// ToTrustModel converts a string to a TrustModelType
+func ToTrustModel(model string) TrustModelType {
+	switch strings.ToLower(strings.TrimSpace(model)) {
+	case "default":
+		return DefaultTrustModel
+	case "collaborator":
+		return CollaboratorTrustModel
+	case "committer":
+		return CommitterTrustModel
+	case "collaboratorcommitter":
+		return CollaboratorCommitterTrustModel
+	}
+	return DefaultTrustModel
+}
+
 // CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository
-func CalculateTrustStatus(verification *CommitVerification, repository *repo_model.Repository, keyMap *map[string]bool) (err error) {
+// There are several trust models in Gitea
+func CalculateTrustStatus(verification *CommitVerification, repoTrustModel TrustModelType, isCodeReader func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error) {
 	if !verification.Verified {
 		return
 	}
 
-	// There are several trust models in Gitea
-	trustModel := repository.GetTrustModel()
-
 	// In the Committer trust model a signature is trusted if it matches the committer
 	// - it doesn't matter if they're a collaborator, the owner, Gitea or Github
 	// NB: This model is commit verification only
-	if trustModel == repo_model.CommitterTrustModel {
+	if repoTrustModel == repo_model.CommitterTrustModel {
 		// default to "unmatched"
 		verification.TrustStatus = "unmatched"
 
@@ -482,7 +521,7 @@ func CalculateTrustStatus(verification *CommitVerification, repository *repo_mod
 
 		// However in the repo_model.CollaboratorCommitterTrustModel we cannot mark this as trusted
 		// unless the default key matches the email of a non-user.
-		if trustModel == repo_model.CollaboratorCommitterTrustModel && (verification.CommittingUser.ID != 0 ||
+		if repoTrustModel == repo_model.CollaboratorCommitterTrustModel && (verification.CommittingUser.ID != 0 ||
 			verification.SigningUser.Email != verification.CommittingUser.Email) {
 			verification.TrustStatus = "untrusted"
 		}
@@ -494,11 +533,11 @@ func CalculateTrustStatus(verification *CommitVerification, repository *repo_mod
 		var has bool
 		isMember, has = (*keyMap)[verification.SigningKey.KeyID]
 		if !has {
-			isMember, err = IsOwnerMemberCollaborator(repository, verification.SigningUser.ID)
+			isMember, err = isCodeReader(verification.SigningUser)
 			(*keyMap)[verification.SigningKey.KeyID] = isMember
 		}
 	} else {
-		isMember, err = IsOwnerMemberCollaborator(repository, verification.SigningUser.ID)
+		isMember, err = isCodeReader(verification.SigningUser)
 	}
 
 	if !isMember {
@@ -508,7 +547,7 @@ func CalculateTrustStatus(verification *CommitVerification, repository *repo_mod
 			// This should be marked as questionable unless the signing user is a collaborator/team member etc.
 			verification.TrustStatus = "unmatched"
 		}
-	} else if trustModel == repo_model.CollaboratorCommitterTrustModel && verification.CommittingUser.ID != verification.SigningUser.ID {
+	} else if repoTrustModel == repo_model.CollaboratorCommitterTrustModel && verification.CommittingUser.ID != verification.SigningUser.ID {
 		// The committing user and the signing user are not the same and our trustmodel states that they must match
 		verification.TrustStatus = "unmatched"
 	}
diff --git a/models/gpg_key_common.go b/models/keys/gpg_key_common.go
similarity index 99%
rename from models/gpg_key_common.go
rename to models/keys/gpg_key_common.go
index 72803625eeb87..58d9ea8791e62 100644
--- a/models/gpg_key_common.go
+++ b/models/keys/gpg_key_common.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"bytes"
diff --git a/models/gpg_key_import.go b/models/keys/gpg_key_import.go
similarity index 98%
rename from models/gpg_key_import.go
rename to models/keys/gpg_key_import.go
index 1eed9296272b3..6bc31d3228a78 100644
--- a/models/gpg_key_import.go
+++ b/models/keys/gpg_key_import.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import "code.gitea.io/gitea/models/db"
 
diff --git a/models/gpg_key_test.go b/models/keys/gpg_key_test.go
similarity index 99%
rename from models/gpg_key_test.go
rename to models/keys/gpg_key_test.go
index 8f51c146aa0ee..9c3bdb6374763 100644
--- a/models/gpg_key_test.go
+++ b/models/keys/gpg_key_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"testing"
diff --git a/models/gpg_key_verify.go b/models/keys/gpg_key_verify.go
similarity index 99%
rename from models/gpg_key_verify.go
rename to models/keys/gpg_key_verify.go
index 18240860211c5..a648bc85364d7 100644
--- a/models/gpg_key_verify.go
+++ b/models/keys/gpg_key_verify.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"strconv"
diff --git a/models/ssh_key.go b/models/keys/ssh_key.go
similarity index 93%
rename from models/ssh_key.go
rename to models/keys/ssh_key.go
index 0d97096149b0a..8a2ab6fbbb58a 100644
--- a/models/ssh_key.go
+++ b/models/keys/ssh_key.go
@@ -3,9 +3,10 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
+	"context"
 	"fmt"
 	"strings"
 	"time"
@@ -247,13 +248,13 @@ func UpdatePublicKeyUpdated(id int64) error {
 	return nil
 }
 
-// deletePublicKeys does the actual key deletion but does not update authorized_keys file.
-func deletePublicKeys(e db.Engine, keyIDs ...int64) error {
+// DeletePublicKeys does the actual key deletion but does not update authorized_keys file.
+func DeletePublicKeys(ctx context.Context, keyIDs ...int64) error {
 	if len(keyIDs) == 0 {
 		return nil
 	}
 
-	_, err := e.In("id", keyIDs).Delete(new(PublicKey))
+	_, err := db.GetEngine(ctx).In("id", keyIDs).Delete(new(PublicKey))
 	return err
 }
 
@@ -325,40 +326,6 @@ func PublicKeyIsExternallyManaged(id int64) (bool, error) {
 	return false, nil
 }
 
-// DeletePublicKey deletes SSH key information both in database and authorized_keys file.
-func DeletePublicKey(doer *user_model.User, id int64) (err error) {
-	key, err := GetPublicKeyByID(id)
-	if err != nil {
-		return err
-	}
-
-	// Check if user has access to delete this key.
-	if !doer.IsAdmin && doer.ID != key.OwnerID {
-		return ErrKeyAccessDenied{doer.ID, key.ID, "public"}
-	}
-
-	ctx, committer, err := db.TxContext()
-	if err != nil {
-		return err
-	}
-	defer committer.Close()
-
-	if err = deletePublicKeys(db.GetEngine(ctx), id); err != nil {
-		return err
-	}
-
-	if err = committer.Commit(); err != nil {
-		return err
-	}
-	committer.Close()
-
-	if key.Type == KeyTypePrincipal {
-		return RewriteAllPrincipalKeys()
-	}
-
-	return RewriteAllPublicKeys()
-}
-
 // deleteKeysMarkedForDeletion returns true if ssh keys needs update
 func deleteKeysMarkedForDeletion(keys []string) (bool, error) {
 	// Start session
@@ -377,7 +344,7 @@ func deleteKeysMarkedForDeletion(keys []string) (bool, error) {
 			log.Error("SearchPublicKeyByContent: %v", err)
 			continue
 		}
-		if err = deletePublicKeys(sess, key.ID); err != nil {
+		if err = DeletePublicKeys(ctx, key.ID); err != nil {
 			log.Error("deletePublicKeys: %v", err)
 			continue
 		}
diff --git a/models/ssh_key_authorized_keys.go b/models/keys/ssh_key_authorized_keys.go
similarity index 97%
rename from models/ssh_key_authorized_keys.go
rename to models/keys/ssh_key_authorized_keys.go
index 7843390ffc38c..ef4ca44663915 100644
--- a/models/ssh_key_authorized_keys.go
+++ b/models/keys/ssh_key_authorized_keys.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"bufio"
@@ -118,10 +118,6 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
 // Note: db.GetEngine(db.DefaultContext).Iterate does not get latest data after insert/delete, so we have to call this function
 // outside any session scope independently.
 func RewriteAllPublicKeys() error {
-	return rewriteAllPublicKeys(db.GetEngine(db.DefaultContext))
-}
-
-func rewriteAllPublicKeys(e db.Engine) error {
 	// Don't rewrite key if internal server
 	if setting.SSH.StartBuiltinServer || !setting.SSH.CreateAuthorizedKeysFile {
 		return nil
@@ -169,7 +165,7 @@ func rewriteAllPublicKeys(e db.Engine) error {
 		}
 	}
 
-	if err := regeneratePublicKeys(e, t); err != nil {
+	if err := RegeneratePublicKeys(t); err != nil {
 		return err
 	}
 
diff --git a/models/ssh_key_authorized_principals.go b/models/keys/ssh_key_authorized_principals.go
similarity index 99%
rename from models/ssh_key_authorized_principals.go
rename to models/keys/ssh_key_authorized_principals.go
index c053b4b6d55c2..b4fd4684a88a5 100644
--- a/models/ssh_key_authorized_principals.go
+++ b/models/keys/ssh_key_authorized_principals.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"bufio"
diff --git a/models/ssh_key_deploy.go b/models/keys/ssh_key_deploy.go
similarity index 94%
rename from models/ssh_key_deploy.go
rename to models/keys/ssh_key_deploy.go
index 672974afb3932..48b848b71db4d 100644
--- a/models/ssh_key_deploy.go
+++ b/models/keys/ssh_key_deploy.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"context"
@@ -169,13 +169,9 @@ func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey
 }
 
 // GetDeployKeyByID returns deploy key by given ID.
-func GetDeployKeyByID(id int64) (*DeployKey, error) {
-	return getDeployKeyByID(db.GetEngine(db.DefaultContext), id)
-}
-
-func getDeployKeyByID(e db.Engine, id int64) (*DeployKey, error) {
+func GetDeployKeyByID(ctx context.Context, id int64) (*DeployKey, error) {
 	key := new(DeployKey)
-	has, err := e.ID(id).Get(key)
+	has, err := db.GetEngine(ctx).ID(id).Get(key)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -300,12 +296,8 @@ func (opt ListDeployKeysOptions) toCond() builder.Cond {
 }
 
 // ListDeployKeys returns a list of deploy keys matching the provided arguments.
-func ListDeployKeys(opts *ListDeployKeysOptions) ([]*DeployKey, error) {
-	return listDeployKeys(db.GetEngine(db.DefaultContext), opts)
-}
-
-func listDeployKeys(e db.Engine, opts *ListDeployKeysOptions) ([]*DeployKey, error) {
-	sess := e.Where(opts.toCond())
+func ListDeployKeys(ctx context.Context, opts *ListDeployKeysOptions) ([]*DeployKey, error) {
+	sess := db.GetEngine(ctx).Where(opts.toCond())
 
 	if opts.Page != 0 {
 		sess = db.SetSessionPagination(sess, opts)
diff --git a/models/ssh_key_fingerprint.go b/models/keys/ssh_key_fingerprint.go
similarity index 99%
rename from models/ssh_key_fingerprint.go
rename to models/keys/ssh_key_fingerprint.go
index 85296c961c3eb..a912b1d103556 100644
--- a/models/ssh_key_fingerprint.go
+++ b/models/keys/ssh_key_fingerprint.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"errors"
diff --git a/models/ssh_key_parse.go b/models/keys/ssh_key_parse.go
similarity index 99%
rename from models/ssh_key_parse.go
rename to models/keys/ssh_key_parse.go
index 748c66da7dad6..e9783a3b51fd9 100644
--- a/models/ssh_key_parse.go
+++ b/models/keys/ssh_key_parse.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"crypto/rsa"
@@ -18,6 +18,7 @@ import (
 	"strconv"
 	"strings"
 
+	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"
@@ -157,7 +158,7 @@ func parseKeyString(content string) (string, error) {
 // It returns the actual public key line on success.
 func CheckPublicKeyString(content string) (_ string, err error) {
 	if setting.SSH.Disabled {
-		return "", ErrSSHDisabled{}
+		return "", db.ErrSSHDisabled{}
 	}
 
 	content, err = parseKeyString(content)
diff --git a/models/ssh_key_principals.go b/models/keys/ssh_key_principals.go
similarity index 98%
rename from models/ssh_key_principals.go
rename to models/keys/ssh_key_principals.go
index 9a17a56f1a0fa..d8674a6a72fc2 100644
--- a/models/ssh_key_principals.go
+++ b/models/keys/ssh_key_principals.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"errors"
@@ -76,7 +76,7 @@ func addPrincipalKey(e db.Engine, key *PublicKey) (err error) {
 // CheckPrincipalKeyString strips spaces and returns an error if the given principal contains newlines
 func CheckPrincipalKeyString(user *user_model.User, content string) (_ string, err error) {
 	if setting.SSH.Disabled {
-		return "", ErrSSHDisabled{}
+		return "", db.ErrSSHDisabled{}
 	}
 
 	content = strings.TrimSpace(content)
diff --git a/models/ssh_key_test.go b/models/keys/ssh_key_test.go
similarity index 99%
rename from models/ssh_key_test.go
rename to models/keys/ssh_key_test.go
index b52a36bdbd29f..c00dcab4f1738 100644
--- a/models/ssh_key_test.go
+++ b/models/keys/ssh_key_test.go
@@ -3,7 +3,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package keys
 
 import (
 	"strings"
diff --git a/models/pull_sign.go b/models/pull_sign.go
index 269e8e06d2025..194ce21e3534e 100644
--- a/models/pull_sign.go
+++ b/models/pull_sign.go
@@ -6,6 +6,7 @@ package models
 
 import (
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
@@ -38,7 +39,7 @@ Loop:
 		case always:
 			break Loop
 		case pubkey:
-			keys, err := ListGPGKeys(u.ID, db.ListOptions{})
+			keys, err := keys.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
 			if err != nil {
 				return false, "", nil, err
 			}
@@ -76,7 +77,7 @@ Loop:
 			if err != nil {
 				return false, "", nil, err
 			}
-			verification := ParseCommitWithSignature(commit)
+			verification := keys.ParseCommitWithSignature(commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{baseSigned}
 			}
@@ -92,7 +93,7 @@ Loop:
 			if err != nil {
 				return false, "", nil, err
 			}
-			verification := ParseCommitWithSignature(commit)
+			verification := keys.ParseCommitWithSignature(commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{headSigned}
 			}
@@ -108,7 +109,7 @@ Loop:
 			if err != nil {
 				return false, "", nil, err
 			}
-			verification := ParseCommitWithSignature(commit)
+			verification := keys.ParseCommitWithSignature(commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{commitsSigned}
 			}
@@ -122,7 +123,7 @@ Loop:
 				return false, "", nil, err
 			}
 			for _, commit := range commitList {
-				verification := ParseCommitWithSignature(commit)
+				verification := keys.ParseCommitWithSignature(commit)
 				if !verification.Verified {
 					return false, "", nil, &ErrWontSign{commitsSigned}
 				}
diff --git a/models/repo.go b/models/repo.go
index 6bdc4c20d29f9..35b68afe278ea 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -21,6 +21,7 @@ import (
 
 	admin_model "code.gitea.io/gitea/models/admin"
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
@@ -126,9 +127,157 @@ func NewRepoContext() {
 	admin_model.RemoveAllWithNotice(db.DefaultContext, "Clean up repository temporary data", filepath.Join(setting.AppDataPath, "tmp"))
 }
 
+<<<<<<< HEAD
 // CheckRepoUnitUser check whether user could visit the unit of this repository
 func CheckRepoUnitUser(repo *repo_model.Repository, user *user_model.User, unitType unit.Type) bool {
 	return checkRepoUnitUser(db.DefaultContext, repo, user, unitType)
+=======
+// RepositoryStatus defines the status of repository
+type RepositoryStatus int
+
+// all kinds of RepositoryStatus
+const (
+	RepositoryReady           RepositoryStatus = iota // a normal repository
+	RepositoryBeingMigrated                           // repository is migrating
+	RepositoryPendingTransfer                         // repository pending in ownership transfer state
+	RepositoryBroken                                  // repository is in a permanently broken state
+)
+
+// Repository represents a git repository.
+type Repository struct {
+	ID                  int64 `xorm:"pk autoincr"`
+	OwnerID             int64 `xorm:"UNIQUE(s) index"`
+	OwnerName           string
+	Owner               *user_model.User   `xorm:"-"`
+	LowerName           string             `xorm:"UNIQUE(s) INDEX NOT NULL"`
+	Name                string             `xorm:"INDEX NOT NULL"`
+	Description         string             `xorm:"TEXT"`
+	Website             string             `xorm:"VARCHAR(2048)"`
+	OriginalServiceType api.GitServiceType `xorm:"index"`
+	OriginalURL         string             `xorm:"VARCHAR(2048)"`
+	DefaultBranch       string
+
+	NumWatches          int
+	NumStars            int
+	NumForks            int
+	NumIssues           int
+	NumClosedIssues     int
+	NumOpenIssues       int `xorm:"-"`
+	NumPulls            int
+	NumClosedPulls      int
+	NumOpenPulls        int `xorm:"-"`
+	NumMilestones       int `xorm:"NOT NULL DEFAULT 0"`
+	NumClosedMilestones int `xorm:"NOT NULL DEFAULT 0"`
+	NumOpenMilestones   int `xorm:"-"`
+	NumProjects         int `xorm:"NOT NULL DEFAULT 0"`
+	NumClosedProjects   int `xorm:"NOT NULL DEFAULT 0"`
+	NumOpenProjects     int `xorm:"-"`
+
+	IsPrivate   bool `xorm:"INDEX"`
+	IsEmpty     bool `xorm:"INDEX"`
+	IsArchived  bool `xorm:"INDEX"`
+	IsMirror    bool `xorm:"INDEX"`
+	*Mirror     `xorm:"-"`
+	PushMirrors []*PushMirror    `xorm:"-"`
+	Status      RepositoryStatus `xorm:"NOT NULL DEFAULT 0"`
+
+	RenderingMetas         map[string]string `xorm:"-"`
+	DocumentRenderingMetas map[string]string `xorm:"-"`
+	Units                  []*RepoUnit       `xorm:"-"`
+	PrimaryLanguage        *LanguageStat     `xorm:"-"`
+
+	IsFork                          bool               `xorm:"INDEX NOT NULL DEFAULT false"`
+	ForkID                          int64              `xorm:"INDEX"`
+	BaseRepo                        *Repository        `xorm:"-"`
+	IsTemplate                      bool               `xorm:"INDEX NOT NULL DEFAULT false"`
+	TemplateID                      int64              `xorm:"INDEX"`
+	TemplateRepo                    *Repository        `xorm:"-"`
+	Size                            int64              `xorm:"NOT NULL DEFAULT 0"`
+	CodeIndexerStatus               *RepoIndexerStatus `xorm:"-"`
+	StatsIndexerStatus              *RepoIndexerStatus `xorm:"-"`
+	IsFsckEnabled                   bool               `xorm:"NOT NULL DEFAULT true"`
+	CloseIssuesViaCommitInAnyBranch bool               `xorm:"NOT NULL DEFAULT false"`
+	Topics                          []string           `xorm:"TEXT JSON"`
+
+	TrustModel keys.TrustModelType
+
+	// Avatar: ID(10-20)-md5(32) - must fit into 64 symbols
+	Avatar string `xorm:"VARCHAR(64)"`
+
+	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
+	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
+}
+
+func init() {
+	db.RegisterModel(new(Repository))
+}
+
+// SanitizedOriginalURL returns a sanitized OriginalURL
+func (repo *Repository) SanitizedOriginalURL() string {
+	if repo.OriginalURL == "" {
+		return ""
+	}
+	u, err := url.Parse(repo.OriginalURL)
+	if err != nil {
+		return ""
+	}
+	u.User = nil
+	return u.String()
+}
+
+// ColorFormat returns a colored string to represent this repo
+func (repo *Repository) ColorFormat(s fmt.State) {
+	log.ColorFprintf(s, "%d:%s/%s",
+		log.NewColoredIDValue(repo.ID),
+		repo.OwnerName,
+		repo.Name)
+}
+
+// IsBeingMigrated indicates that repository is being migrated
+func (repo *Repository) IsBeingMigrated() bool {
+	return repo.Status == RepositoryBeingMigrated
+}
+
+// IsBeingCreated indicates that repository is being migrated or forked
+func (repo *Repository) IsBeingCreated() bool {
+	return repo.IsBeingMigrated()
+}
+
+// IsBroken indicates that repository is broken
+func (repo *Repository) IsBroken() bool {
+	return repo.Status == RepositoryBroken
+}
+
+// AfterLoad is invoked from XORM after setting the values of all fields of this object.
+func (repo *Repository) AfterLoad() {
+	// FIXME: use models migration to solve all at once.
+	if len(repo.DefaultBranch) == 0 {
+		repo.DefaultBranch = setting.Repository.DefaultBranch
+	}
+
+	repo.NumOpenIssues = repo.NumIssues - repo.NumClosedIssues
+	repo.NumOpenPulls = repo.NumPulls - repo.NumClosedPulls
+	repo.NumOpenMilestones = repo.NumMilestones - repo.NumClosedMilestones
+	repo.NumOpenProjects = repo.NumProjects - repo.NumClosedProjects
+}
+
+// MustOwner always returns a valid *user_model.User object to avoid
+// conceptually impossible error handling.
+// It creates a fake object that contains error details
+// when error occurs.
+func (repo *Repository) MustOwner() *user_model.User {
+	return repo.mustOwner(db.GetEngine(db.DefaultContext))
+}
+
+// FullName returns the repository full name
+func (repo *Repository) FullName() string {
+	return repo.OwnerName + "/" + repo.Name
+}
+
+// HTMLURL returns the repository HTML URL
+func (repo *Repository) HTMLURL() string {
+	return setting.AppURL + url.PathEscape(repo.OwnerName) + "/" + url.PathEscape(repo.Name)
+>>>>>>> 3db02666b (Move keys to models/keys)
 }
 
 func checkRepoUnitUser(ctx context.Context, repo *repo_model.Repository, user *user_model.User, unitType unit.Type) bool {
@@ -415,8 +564,13 @@ type CreateRepoOptions struct {
 	IsMirror       bool
 	IsTemplate     bool
 	AutoInit       bool
+<<<<<<< HEAD
 	Status         repo_model.RepositoryStatus
 	TrustModel     repo_model.TrustModelType
+=======
+	Status         RepositoryStatus
+	TrustModel     keys.TrustModelType
+>>>>>>> 3db02666b (Move keys to models/keys)
 	MirrorInterval string
 }
 
@@ -856,12 +1010,17 @@ func DeleteRepository(doer *user_model.User, uid, repoID int64) error {
 	}
 
 	// Delete Deploy Keys
-	deployKeys, err := listDeployKeys(sess, &ListDeployKeysOptions{RepoID: repoID})
+	deployKeys, err := keys.ListDeployKeys(ctx, &keys.ListDeployKeysOptions{RepoID: repoID})
 	if err != nil {
 		return fmt.Errorf("listDeployKeys: %v", err)
 	}
+	var needRewriteKeysFile = len(deployKeys) > 0
 	for _, dKey := range deployKeys {
+<<<<<<< HEAD
 		if err := deleteDeployKey(ctx, doer, dKey.ID); err != nil {
+=======
+		if err := DeleteDeployKey(ctx, doer, dKey.ID); err != nil {
+>>>>>>> 3db02666b (Move keys to models/keys)
 			return fmt.Errorf("deleteDeployKeys: %v", err)
 		}
 	}
@@ -1049,6 +1208,12 @@ func DeleteRepository(doer *user_model.User, uid, repoID int64) error {
 
 	committer.Close()
 
+	if needRewriteKeysFile {
+		if err := keys.RewriteAllPublicKeys(); err != nil {
+			log.Error("RewriteAllPublicKeys failed: %v", err)
+		}
+	}
+
 	// We should always delete the files after the database transaction succeed. If
 	// we delete the file but the database rollback, the repository will be broken.
 
@@ -1323,6 +1488,21 @@ func UpdateRepositoryCols(repo *repo_model.Repository, cols ...string) error {
 	return updateRepositoryCols(db.GetEngine(db.DefaultContext), repo, cols...)
 }
 
+<<<<<<< HEAD
+=======
+// GetTrustModel will get the TrustModel for the repo or the default trust model
+func (repo *Repository) GetTrustModel() keys.TrustModelType {
+	trustModel := repo.TrustModel
+	if trustModel == keys.DefaultTrustModel {
+		trustModel = keys.ToTrustModel(setting.Repository.Signing.DefaultTrustModel)
+		if trustModel == keys.DefaultTrustModel {
+			return keys.CollaboratorTrustModel
+		}
+	}
+	return trustModel
+}
+
+>>>>>>> 3db02666b (Move keys to models/keys)
 func updateUserStarNumbers(users []user_model.User) error {
 	ctx, committer, err := db.TxContext()
 	if err != nil {
diff --git a/models/repo_sign.go b/models/repo_sign.go
index 1c736a62da8a0..c6e8cb338f3d6 100644
--- a/models/repo_sign.go
+++ b/models/repo_sign.go
@@ -5,9 +5,12 @@
 package models
 
 import (
+	"context"
+	"fmt"
 	"strings"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
@@ -124,7 +127,7 @@ Loop:
 		case always:
 			break Loop
 		case pubkey:
-			keys, err := ListGPGKeys(u.ID, db.ListOptions{})
+			keys, err := keys.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
 			if err != nil {
 				return false, "", nil, err
 			}
@@ -160,7 +163,7 @@ Loop:
 		case always:
 			break Loop
 		case pubkey:
-			keys, err := ListGPGKeys(u.ID, db.ListOptions{})
+			keys, err := keys.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
 			if err != nil {
 				return false, "", nil, err
 			}
@@ -188,7 +191,7 @@ Loop:
 			if commit.Signature == nil {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
-			verification := ParseCommitWithSignature(commit)
+			verification := keys.ParseCommitWithSignature(commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
@@ -213,7 +216,7 @@ Loop:
 		case always:
 			break Loop
 		case pubkey:
-			keys, err := ListGPGKeys(u.ID, db.ListOptions{})
+			keys, err := keys.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
 			if err != nil {
 				return false, "", nil, err
 			}
@@ -241,7 +244,7 @@ Loop:
 			if commit.Signature == nil {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
-			verification := ParseCommitWithSignature(commit)
+			verification := keys.ParseCommitWithSignature(commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
@@ -249,3 +252,52 @@ Loop:
 	}
 	return true, signingKey, sig, nil
 }
+
+// DeleteDeployKey delete deploy keys
+func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error {
+	key, err := keys.GetDeployKeyByID(ctx, id)
+	if err != nil {
+		if keys.IsErrDeployKeyNotExist(err) {
+			return nil
+		}
+		return fmt.Errorf("GetDeployKeyByID: %v", err)
+	}
+
+	sess := db.GetEngine(ctx)
+
+	// Check if user has access to delete this key.
+	if !doer.IsAdmin {
+		repo, err := getRepositoryByID(sess, key.RepoID)
+		if err != nil {
+			return fmt.Errorf("GetRepositoryByID: %v", err)
+		}
+		has, err := isUserRepoAdmin(sess, repo, doer)
+		if err != nil {
+			return fmt.Errorf("GetUserRepoPermission: %v", err)
+		} else if !has {
+			return keys.ErrKeyAccessDenied{
+				UserID: doer.ID,
+				KeyID:  key.ID,
+				Note:   "deploy",
+			}
+		}
+	}
+
+	if _, err = sess.ID(key.ID).Delete(new(keys.DeployKey)); err != nil {
+		return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)
+	}
+
+	// Check if this is the last reference to same key content.
+	has, err := sess.
+		Where("key_id = ?", key.KeyID).
+		Get(new(keys.DeployKey))
+	if err != nil {
+		return err
+	} else if !has {
+		if err = keys.DeletePublicKeys(ctx, key.KeyID); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/models/statistic.go b/models/statistic.go
index 055f312c11eb4..e8fa522e3ab40 100644
--- a/models/statistic.go
+++ b/models/statistic.go
@@ -6,6 +6,7 @@ package models
 
 import (
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
@@ -47,8 +48,13 @@ func GetStatistic() (stats Statistic) {
 	e := db.GetEngine(db.DefaultContext)
 	stats.Counter.User = user_model.CountUsers()
 	stats.Counter.Org = CountOrganizations()
+<<<<<<< HEAD
 	stats.Counter.PublicKey, _ = e.Count(new(PublicKey))
 	stats.Counter.Repo = repo_model.CountRepositories(true)
+=======
+	stats.Counter.PublicKey, _ = e.Count(new(keys.PublicKey))
+	stats.Counter.Repo = CountRepositories(true)
+>>>>>>> 3db02666b (Move keys to models/keys)
 	stats.Counter.Watch, _ = e.Count(new(Watch))
 	stats.Counter.Star, _ = e.Count(new(Star))
 	stats.Counter.Action, _ = e.Count(new(Action))
diff --git a/models/user.go b/models/user.go
index 1427833e21fb0..0c6d5ff7d6d21 100644
--- a/models/user.go
+++ b/models/user.go
@@ -13,6 +13,7 @@ import (
 	_ "image/jpeg" // Needed for jpeg support
 
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -234,23 +235,23 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
 	}
 
 	// ***** START: PublicKey *****
-	if _, err = e.Delete(&PublicKey{OwnerID: u.ID}); err != nil {
+	if _, err = e.Delete(&keys_model.PublicKey{OwnerID: u.ID}); err != nil {
 		return fmt.Errorf("deletePublicKeys: %v", err)
 	}
 	// ***** END: PublicKey *****
 
 	// ***** START: GPGPublicKey *****
-	keys, err := listGPGKeys(e, u.ID, db.ListOptions{})
+	keys, err := keys_model.ListGPGKeys(ctx, u.ID, db.ListOptions{})
 	if err != nil {
 		return fmt.Errorf("ListGPGKeys: %v", err)
 	}
 	// Delete GPGKeyImport(s).
 	for _, key := range keys {
-		if _, err = e.Delete(&GPGKeyImport{KeyID: key.KeyID}); err != nil {
+		if _, err = e.Delete(&keys_model.GPGKeyImport{KeyID: key.KeyID}); err != nil {
 			return fmt.Errorf("deleteGPGKeyImports: %v", err)
 		}
 	}
-	if _, err = e.Delete(&GPGKey{OwnerID: u.ID}); err != nil {
+	if _, err = e.Delete(&keys_model.GPGKey{OwnerID: u.ID}); err != nil {
 		return fmt.Errorf("deleteGPGKeys: %v", err)
 	}
 	// ***** END: GPGPublicKey *****
diff --git a/models/user_test.go b/models/user_test.go
index d3c7718d69a31..4749a3af73983 100644
--- a/models/user_test.go
+++ b/models/user_test.go
@@ -8,7 +8,6 @@ import (
 	"fmt"
 	"testing"
 
-	"code.gitea.io/gitea/models/login"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 
@@ -121,71 +120,3 @@ func TestGetOrgRepositoryIDs(t *testing.T) {
 	// User 5's team has no access to any repo
 	assert.Len(t, accessibleRepos, 0)
 }
-
-func TestAddLdapSSHPublicKeys(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
-	s := &login.Source{ID: 1}
-
-	testCases := []struct {
-		keyString   string
-		number      int
-		keyContents []string
-	}{
-		{
-			keyString: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
-			number:    1,
-			keyContents: []string{
-				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM=",
-			},
-		},
-		{
-			keyString: `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment
-ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment`,
-			number: 2,
-			keyContents: []string{
-				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM=",
-				"ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag=",
-			},
-		},
-		{
-			keyString: `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment
-# comment asmdna,ndp
-ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment`,
-			number: 2,
-			keyContents: []string{
-				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM=",
-				"ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag=",
-			},
-		},
-		{
-			keyString: `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment
-382488320jasdj1lasmva/vasodifipi4193-fksma.cm
-ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment`,
-			number: 2,
-			keyContents: []string{
-				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM=",
-				"ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag=",
-			},
-		},
-	}
-
-	for i, kase := range testCases {
-		s.ID = int64(i) + 20
-		AddPublicKeysBySource(user, s, []string{kase.keyString})
-		keys, err := ListPublicKeysBySource(user.ID, s.ID)
-		assert.NoError(t, err)
-		if err != nil {
-			continue
-		}
-		assert.Len(t, keys, kase.number)
-
-		for _, key := range keys {
-			assert.Contains(t, kase.keyContents, key.Content)
-		}
-		for _, key := range keys {
-			DeletePublicKey(user, key.ID)
-		}
-	}
-}
diff --git a/modules/convert/convert.go b/modules/convert/convert.go
index eda9f23cd6cfc..9ffc10ca120cc 100644
--- a/modules/convert/convert.go
+++ b/modules/convert/convert.go
@@ -12,6 +12,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -152,7 +153,7 @@ func ToTag(repo *repo_model.Repository, t *git.Tag) *api.Tag {
 
 // ToVerification convert a git.Commit.Signature to an api.PayloadCommitVerification
 func ToVerification(c *git.Commit) *api.PayloadCommitVerification {
-	verif := models.ParseCommitWithSignature(c)
+	verif := keys_model.ParseCommitWithSignature(c)
 	commitVerification := &api.PayloadCommitVerification{
 		Verified: verif.Verified,
 		Reason:   verif.Reason,
@@ -170,8 +171,8 @@ func ToVerification(c *git.Commit) *api.PayloadCommitVerification {
 	return commitVerification
 }
 
-// ToPublicKey convert models.PublicKey to api.PublicKey
-func ToPublicKey(apiLink string, key *models.PublicKey) *api.PublicKey {
+// ToPublicKey convert keys_model.PublicKey to api.PublicKey
+func ToPublicKey(apiLink string, key *keys_model.PublicKey) *api.PublicKey {
 	return &api.PublicKey{
 		ID:          key.ID,
 		Key:         key.Content,
@@ -183,7 +184,7 @@ func ToPublicKey(apiLink string, key *models.PublicKey) *api.PublicKey {
 }
 
 // ToGPGKey converts models.GPGKey to api.GPGKey
-func ToGPGKey(key *models.GPGKey) *api.GPGKey {
+func ToGPGKey(key *keys_model.GPGKey) *api.GPGKey {
 	subkeys := make([]*api.GPGKey, len(key.SubsKey))
 	for id, k := range key.SubsKey {
 		subkeys[id] = &api.GPGKey{
@@ -264,8 +265,8 @@ func ToGitHook(h *git.Hook) *api.GitHook {
 	}
 }
 
-// ToDeployKey convert models.DeployKey to api.DeployKey
-func ToDeployKey(apiLink string, key *models.DeployKey) *api.DeployKey {
+// ToDeployKey convert keys_model.DeployKey to api.DeployKey
+func ToDeployKey(apiLink string, key *keys_model.DeployKey) *api.DeployKey {
 	return &api.DeployKey{
 		ID:          key.ID,
 		KeyID:       key.KeyID,
diff --git a/modules/doctor/authorizedkeys.go b/modules/doctor/authorizedkeys.go
index d9bc70bb777c4..57a32a417ae53 100644
--- a/modules/doctor/authorizedkeys.go
+++ b/modules/doctor/authorizedkeys.go
@@ -12,7 +12,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 )
@@ -32,7 +32,7 @@ func checkAuthorizedKeys(logger log.Logger, autofix bool) error {
 			return fmt.Errorf("Unable to open authorized_keys file. ERROR: %v", err)
 		}
 		logger.Warn("Unable to open authorized_keys. (ERROR: %v). Attempting to rewrite...", err)
-		if err = models.RewriteAllPublicKeys(); err != nil {
+		if err = keys_model.RewriteAllPublicKeys(); err != nil {
 			logger.Critical("Unable to rewrite authorized_keys file. ERROR: %v", err)
 			return fmt.Errorf("Unable to rewrite authorized_keys file. ERROR: %v", err)
 		}
@@ -53,7 +53,7 @@ func checkAuthorizedKeys(logger log.Logger, autofix bool) error {
 
 	// now we regenerate and check if there are any lines missing
 	regenerated := &bytes.Buffer{}
-	if err := models.RegeneratePublicKeys(regenerated); err != nil {
+	if err := keys_model.RegeneratePublicKeys(regenerated); err != nil {
 		logger.Critical("Unable to regenerate authorized_keys file. ERROR: %v", err)
 		return fmt.Errorf("Unable to regenerate authorized_keys file. ERROR: %v", err)
 	}
@@ -75,7 +75,7 @@ func checkAuthorizedKeys(logger log.Logger, autofix bool) error {
 			return fmt.Errorf(`authorized_keys is out of date and should be regenerated with "gitea admin regenerate keys" or "gitea doctor --run authorized_keys --fix"`)
 		}
 		logger.Warn("authorized_keys is out of date. Attempting rewrite...")
-		err = models.RewriteAllPublicKeys()
+		err = keys_model.RewriteAllPublicKeys()
 		if err != nil {
 			logger.Critical("Unable to rewrite authorized_keys file. ERROR: %v", err)
 			return fmt.Errorf("Unable to rewrite authorized_keys file. ERROR: %v", err)
diff --git a/modules/gitgraph/graph_models.go b/modules/gitgraph/graph_models.go
index e7280e2adc6f9..dfd6007ee8fea 100644
--- a/modules/gitgraph/graph_models.go
+++ b/modules/gitgraph/graph_models.go
@@ -11,6 +11,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
@@ -113,9 +114,11 @@ func (graph *Graph) LoadAndProcessCommits(repository *repo_model.Repository, git
 			}
 		}
 
-		c.Verification = models.ParseCommitWithSignature(c.Commit)
+		c.Verification = keys_model.ParseCommitWithSignature(c.Commit)
 
-		_ = models.CalculateTrustStatus(c.Verification, repository, &keyMap)
+		_ = keys_model.CalculateTrustStatus(c.Verification, repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
+			return models.IsUserRepoAdmin(repository, user)
+		}, &keyMap)
 
 		statuses, err := models.GetLatestCommitStatus(repository.ID, c.Commit.ID.String(), db.ListOptions{})
 		if err != nil {
@@ -236,7 +239,7 @@ func newRefsFromRefNames(refNames []byte) []git.Reference {
 type Commit struct {
 	Commit       *git.Commit
 	User         *user_model.User
-	Verification *models.CommitVerification
+	Verification *keys_model.CommitVerification
 	Status       *models.CommitStatus
 	Flow         int64
 	Row          int
diff --git a/modules/private/serv.go b/modules/private/serv.go
index 4f5b19c597133..1375ee75a3daf 100644
--- a/modules/private/serv.go
+++ b/modules/private/serv.go
@@ -10,7 +10,7 @@ import (
 	"net/http"
 	"net/url"
 
-	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/json"
@@ -19,12 +19,12 @@ import (
 
 // KeyAndOwner is the response from ServNoCommand
 type KeyAndOwner struct {
-	Key   *models.PublicKey `json:"key"`
-	Owner *user_model.User  `json:"user"`
+	Key   *keys_model.PublicKey `json:"key"`
+	Owner *user_model.User      `json:"user"`
 }
 
 // ServNoCommand returns information about the provided key
-func ServNoCommand(ctx context.Context, keyID int64) (*models.PublicKey, *user_model.User, error) {
+func ServNoCommand(ctx context.Context, keyID int64) (*keys_model.PublicKey, *user_model.User, error) {
 	reqURL := setting.LocalURL + fmt.Sprintf("api/internal/serv/none/%d",
 		keyID)
 	resp, err := newInternalRequest(ctx, reqURL, "GET").Response()
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
index 5f19dd4a5c7ef..ef6f3dfe5a301 100644
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -22,7 +22,7 @@ import (
 	"sync"
 	"syscall"
 
-	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -172,9 +172,9 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 		// look for the exact principal
 	principalLoop:
 		for _, principal := range cert.ValidPrincipals {
-			pkey, err := models.SearchPublicKeyByContentExact(principal)
+			pkey, err := keys_model.SearchPublicKeyByContentExact(principal)
 			if err != nil {
-				if models.IsErrKeyNotExist(err) {
+				if keys_model.IsErrKeyNotExist(err) {
 					log.Debug("Principal Rejected: %s Unknown Principal: %s", ctx.RemoteAddr(), principal)
 					continue principalLoop
 				}
@@ -232,9 +232,9 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 		log.Debug("Handle Public Key: %s Fingerprint: %s is not a certificate", ctx.RemoteAddr(), gossh.FingerprintSHA256(key))
 	}
 
-	pkey, err := models.SearchPublicKeyByContent(strings.TrimSpace(string(gossh.MarshalAuthorizedKey(key))))
+	pkey, err := keys_model.SearchPublicKeyByContent(strings.TrimSpace(string(gossh.MarshalAuthorizedKey(key))))
 	if err != nil {
-		if models.IsErrKeyNotExist(err) {
+		if keys_model.IsErrKeyNotExist(err) {
 			if log.IsWarn() {
 				log.Warn("Unknown public key: %s from %s", gossh.FingerprintSHA256(key), ctx.RemoteAddr())
 				log.Warn("Failed authentication attempt from %s", ctx.RemoteAddr())
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index b93c628072f67..0a56730bf04b5 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -13,6 +13,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
@@ -23,6 +24,7 @@ import (
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/user"
 	"code.gitea.io/gitea/routers/api/v1/utils"
+	keys_service "code.gitea.io/gitea/services/keys"
 	"code.gitea.io/gitea/services/mailer"
 	user_service "code.gitea.io/gitea/services/user"
 )
@@ -381,10 +383,10 @@ func DeleteUserPublicKey(ctx *context.APIContext) {
 		return
 	}
 
-	if err := models.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil {
-		if models.IsErrKeyNotExist(err) {
+	if err := keys_service.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil {
+		if keys_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
-		} else if models.IsErrKeyAccessDenied(err) {
+		} else if keys_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteUserPublicKey", err)
diff --git a/routers/api/v1/repo/key.go b/routers/api/v1/repo/key.go
index 03ebcb8f72a7b..a9ca10bc3dbe3 100644
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@@ -11,6 +11,8 @@ import (
 	"net/url"
 
 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/context"
@@ -19,10 +21,15 @@ import (
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/utils"
+	keys_service "code.gitea.io/gitea/services/keys"
 )
 
 // appendPrivateInformation appends the owner and key type information to api.PublicKey
+<<<<<<< HEAD
 func appendPrivateInformation(apiKey *api.DeployKey, key *models.DeployKey, repository *repo_model.Repository) (*api.DeployKey, error) {
+=======
+func appendPrivateInformation(apiKey *api.DeployKey, key *keys_model.DeployKey, repository *models.Repository) (*api.DeployKey, error) {
+>>>>>>> 3db02666b (Move keys to models/keys)
 	apiKey.ReadOnly = key.Mode == perm.AccessModeRead
 	if repository.ID == key.RepoID {
 		apiKey.Repository = convert.ToRepo(repository, key.Mode)
@@ -78,20 +85,20 @@ func ListDeployKeys(ctx *context.APIContext) {
 	//   "200":
 	//     "$ref": "#/responses/DeployKeyList"
 
-	opts := &models.ListDeployKeysOptions{
+	opts := &keys_model.ListDeployKeysOptions{
 		ListOptions: utils.GetListOptions(ctx),
 		RepoID:      ctx.Repo.Repository.ID,
 		KeyID:       ctx.FormInt64("key_id"),
 		Fingerprint: ctx.FormString("fingerprint"),
 	}
 
-	keys, err := models.ListDeployKeys(opts)
+	keys, err := keys_model.ListDeployKeys(db.DefaultContext, opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
 	}
 
-	count, err := models.CountDeployKeys(opts)
+	count, err := keys_model.CountDeployKeys(opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
@@ -142,9 +149,9 @@ func GetDeployKey(ctx *context.APIContext) {
 	//   "200":
 	//     "$ref": "#/responses/DeployKey"
 
-	key, err := models.GetDeployKeyByID(ctx.ParamsInt64(":id"))
+	key, err := keys_model.GetDeployKeyByID(db.DefaultContext, ctx.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrDeployKeyNotExist(err) {
+		if keys_model.IsErrDeployKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetDeployKeyByID", err)
@@ -167,9 +174,9 @@ func GetDeployKey(ctx *context.APIContext) {
 
 // HandleCheckKeyStringError handle check key error
 func HandleCheckKeyStringError(ctx *context.APIContext, err error) {
-	if models.IsErrSSHDisabled(err) {
+	if db.IsErrSSHDisabled(err) {
 		ctx.Error(http.StatusUnprocessableEntity, "", "SSH is disabled")
-	} else if models.IsErrKeyUnableVerify(err) {
+	} else if keys_model.IsErrKeyUnableVerify(err) {
 		ctx.Error(http.StatusUnprocessableEntity, "", "Unable to verify key content")
 	} else {
 		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("Invalid key content: %v", err))
@@ -179,13 +186,13 @@ func HandleCheckKeyStringError(ctx *context.APIContext, err error) {
 // HandleAddKeyError handle add key error
 func HandleAddKeyError(ctx *context.APIContext, err error) {
 	switch {
-	case models.IsErrDeployKeyAlreadyExist(err):
+	case keys_model.IsErrDeployKeyAlreadyExist(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "This key has already been added to this repository")
-	case models.IsErrKeyAlreadyExist(err):
+	case keys_model.IsErrKeyAlreadyExist(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "Key content has been used as non-deploy key")
-	case models.IsErrKeyNameAlreadyUsed(err):
+	case keys_model.IsErrKeyNameAlreadyUsed(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "Key title has been used")
-	case models.IsErrDeployKeyNameAlreadyUsed(err):
+	case keys_model.IsErrDeployKeyNameAlreadyUsed(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "A key with the same name already exists")
 	default:
 		ctx.Error(http.StatusInternalServerError, "AddKey", err)
@@ -223,13 +230,13 @@ func CreateDeployKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/validationError"
 
 	form := web.GetForm(ctx).(*api.CreateKeyOption)
-	content, err := models.CheckPublicKeyString(form.Key)
+	content, err := keys_model.CheckPublicKeyString(form.Key)
 	if err != nil {
 		HandleCheckKeyStringError(ctx, err)
 		return
 	}
 
-	key, err := models.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, form.ReadOnly)
+	key, err := keys_model.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, form.ReadOnly)
 	if err != nil {
 		HandleAddKeyError(ctx, err)
 		return
@@ -268,8 +275,8 @@ func DeleteDeploykey(ctx *context.APIContext) {
 	//   "403":
 	//     "$ref": "#/responses/forbidden"
 
-	if err := models.DeleteDeployKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
-		if models.IsErrKeyAccessDenied(err) {
+	if err := keys_service.DeleteDeployKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
+		if keys_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteDeployKey", err)
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 4486e33fe87e4..3e2ccad9f4b42 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -13,6 +13,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
@@ -257,7 +258,11 @@ func CreateUserRepo(ctx *context.APIContext, owner *user_model.User, opt api.Cre
 		IsPrivate:     opt.Private,
 		AutoInit:      opt.AutoInit,
 		DefaultBranch: opt.DefaultBranch,
+<<<<<<< HEAD
 		TrustModel:    repo_model.ToTrustModel(opt.TrustModel),
+=======
+		TrustModel:    keys_model.ToTrustModel(opt.TrustModel),
+>>>>>>> 3db02666b (Move keys to models/keys)
 		IsTemplate:    opt.Template,
 	})
 	if err != nil {
@@ -1023,7 +1028,7 @@ func Delete(ctx *context.APIContext) {
 		ctx.Repo.GitRepo.Close()
 	}
 
-	if err := repo_service.DeleteRepository(ctx.User, repo); err != nil {
+	if err := repo_service.DeleteRepository(ctx.User, repo, true); err != nil {
 		ctx.Error(http.StatusInternalServerError, "DeleteRepository", err)
 		return
 	}
diff --git a/routers/api/v1/user/gpg_key.go b/routers/api/v1/user/gpg_key.go
index 9066268bba293..f9014b5303a89 100644
--- a/routers/api/v1/user/gpg_key.go
+++ b/routers/api/v1/user/gpg_key.go
@@ -8,8 +8,8 @@ import (
 	"fmt"
 	"net/http"
 
-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/convert"
 	api "code.gitea.io/gitea/modules/structs"
@@ -18,7 +18,7 @@ import (
 )
 
 func listGPGKeys(ctx *context.APIContext, uid int64, listOptions db.ListOptions) {
-	keys, err := models.ListGPGKeys(uid, listOptions)
+	keys, err := keys_model.ListGPGKeys(db.DefaultContext, uid, listOptions)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "ListGPGKeys", err)
 		return
@@ -29,7 +29,7 @@ func listGPGKeys(ctx *context.APIContext, uid int64, listOptions db.ListOptions)
 		apiKeys[i] = convert.ToGPGKey(keys[i])
 	}
 
-	total, err := models.CountUserGPGKeys(uid)
+	total, err := keys_model.CountUserGPGKeys(uid)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
@@ -114,9 +114,9 @@ func GetGPGKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	key, err := models.GetGPGKeyByID(ctx.ParamsInt64(":id"))
+	key, err := keys_model.GetGPGKeyByID(ctx.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrGPGKeyNotExist(err) {
+		if keys_model.IsErrGPGKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetGPGKeyByID", err)
@@ -128,12 +128,12 @@ func GetGPGKey(ctx *context.APIContext) {
 
 // CreateUserGPGKey creates new GPG key to given user by ID.
 func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) {
-	token := models.VerificationToken(ctx.User, 1)
-	lastToken := models.VerificationToken(ctx.User, 0)
+	token := keys_model.VerificationToken(ctx.User, 1)
+	lastToken := keys_model.VerificationToken(ctx.User, 0)
 
-	keys, err := models.AddGPGKey(uid, form.ArmoredKey, token, form.Signature)
-	if err != nil && models.IsErrGPGInvalidTokenSignature(err) {
-		keys, err = models.AddGPGKey(uid, form.ArmoredKey, lastToken, form.Signature)
+	keys, err := keys_model.AddGPGKey(uid, form.ArmoredKey, token, form.Signature)
+	if err != nil && keys_model.IsErrGPGInvalidTokenSignature(err) {
+		keys, err = keys_model.AddGPGKey(uid, form.ArmoredKey, lastToken, form.Signature)
 	}
 	if err != nil {
 		HandleAddGPGKeyError(ctx, err, token)
@@ -156,7 +156,7 @@ func GetVerificationToken(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	token := models.VerificationToken(ctx.User, 1)
+	token := keys_model.VerificationToken(ctx.User, 1)
 	ctx.PlainText(http.StatusOK, []byte(token))
 }
 
@@ -178,25 +178,25 @@ func VerifyUserGPGKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/validationError"
 
 	form := web.GetForm(ctx).(*api.VerifyGPGKeyOption)
-	token := models.VerificationToken(ctx.User, 1)
-	lastToken := models.VerificationToken(ctx.User, 0)
+	token := keys_model.VerificationToken(ctx.User, 1)
+	lastToken := keys_model.VerificationToken(ctx.User, 0)
 
-	_, err := models.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
-	if err != nil && models.IsErrGPGInvalidTokenSignature(err) {
-		_, err = models.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
+	_, err := keys_model.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
+	if err != nil && keys_model.IsErrGPGInvalidTokenSignature(err) {
+		_, err = keys_model.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
 	}
 
 	if err != nil {
-		if models.IsErrGPGInvalidTokenSignature(err) {
+		if keys_model.IsErrGPGInvalidTokenSignature(err) {
 			ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
 			return
 		}
 		ctx.Error(http.StatusInternalServerError, "VerifyUserGPGKey", err)
 	}
 
-	key, err := models.GetGPGKeysByKeyID(form.KeyID)
+	key, err := keys_model.GetGPGKeysByKeyID(form.KeyID)
 	if err != nil {
-		if models.IsErrGPGKeyNotExist(err) {
+		if keys_model.IsErrGPGKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetGPGKeysByKeyID", err)
@@ -255,8 +255,8 @@ func DeleteGPGKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	if err := models.DeleteGPGKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
-		if models.IsErrGPGKeyAccessDenied(err) {
+	if err := keys_model.DeleteGPGKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
+		if keys_model.IsErrGPGKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteGPGKey", err)
@@ -270,15 +270,15 @@ func DeleteGPGKey(ctx *context.APIContext) {
 // HandleAddGPGKeyError handle add GPGKey error
 func HandleAddGPGKeyError(ctx *context.APIContext, err error, token string) {
 	switch {
-	case models.IsErrGPGKeyAccessDenied(err):
+	case keys_model.IsErrGPGKeyAccessDenied(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyAccessDenied", "You do not have access to this GPG key")
-	case models.IsErrGPGKeyIDAlreadyUsed(err):
+	case keys_model.IsErrGPGKeyIDAlreadyUsed(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyIDAlreadyUsed", "A key with the same id already exists")
-	case models.IsErrGPGKeyParsing(err):
+	case keys_model.IsErrGPGKeyParsing(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyParsing", err)
-	case models.IsErrGPGNoEmailFound(err):
+	case keys_model.IsErrGPGNoEmailFound(err):
 		ctx.Error(http.StatusNotFound, "GPGNoEmailFound", fmt.Sprintf("None of the emails attached to the GPG key could be found. It may still be added if you provide a valid signature for the token: %s", token))
-	case models.IsErrGPGInvalidTokenSignature(err):
+	case keys_model.IsErrGPGInvalidTokenSignature(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
 	default:
 		ctx.Error(http.StatusInternalServerError, "AddGPGKey", err)
diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go
index 32291264bca18..13ccd937dc85b 100644
--- a/routers/api/v1/user/key.go
+++ b/routers/api/v1/user/key.go
@@ -7,7 +7,7 @@ package user
 import (
 	"net/http"
 
-	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
@@ -17,13 +17,14 @@ import (
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/repo"
 	"code.gitea.io/gitea/routers/api/v1/utils"
+	keys_service "code.gitea.io/gitea/services/keys"
 )
 
 // appendPrivateInformation appends the owner and key type information to api.PublicKey
-func appendPrivateInformation(apiKey *api.PublicKey, key *models.PublicKey, defaultUser *user_model.User) (*api.PublicKey, error) {
-	if key.Type == models.KeyTypeDeploy {
+func appendPrivateInformation(apiKey *api.PublicKey, key *keys_model.PublicKey, defaultUser *user_model.User) (*api.PublicKey, error) {
+	if key.Type == keys_model.KeyTypeDeploy {
 		apiKey.KeyType = "deploy"
-	} else if key.Type == models.KeyTypeUser {
+	} else if key.Type == keys_model.KeyTypeUser {
 		apiKey.KeyType = "user"
 
 		if defaultUser.ID == key.OwnerID {
@@ -47,7 +48,7 @@ func composePublicKeysAPILink() string {
 }
 
 func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
-	var keys []*models.PublicKey
+	var keys []*keys_model.PublicKey
 	var err error
 	var count int
 
@@ -58,14 +59,14 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
 		// Querying not just listing
 		if username != "" {
 			// Restrict to provided uid
-			keys, err = models.SearchPublicKey(user.ID, fingerprint)
+			keys, err = keys_model.SearchPublicKey(user.ID, fingerprint)
 		} else {
 			// Unrestricted
-			keys, err = models.SearchPublicKey(0, fingerprint)
+			keys, err = keys_model.SearchPublicKey(0, fingerprint)
 		}
 		count = len(keys)
 	} else {
-		total, err2 := models.CountPublicKeys(user.ID)
+		total, err2 := keys_model.CountPublicKeys(user.ID)
 		if err2 != nil {
 			ctx.InternalServerError(err)
 			return
@@ -73,7 +74,7 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
 		count = int(total)
 
 		// Use ListPublicKeys
-		keys, err = models.ListPublicKeys(user.ID, utils.GetListOptions(ctx))
+		keys, err = keys_model.ListPublicKeys(user.ID, utils.GetListOptions(ctx))
 	}
 
 	if err != nil {
@@ -177,9 +178,9 @@ func GetPublicKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	key, err := models.GetPublicKeyByID(ctx.ParamsInt64(":id"))
+	key, err := keys_model.GetPublicKeyByID(ctx.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrKeyNotExist(err) {
+		if keys_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetPublicKeyByID", err)
@@ -197,13 +198,13 @@ func GetPublicKey(ctx *context.APIContext) {
 
 // CreateUserPublicKey creates new public key to given user by ID.
 func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) {
-	content, err := models.CheckPublicKeyString(form.Key)
+	content, err := keys_model.CheckPublicKeyString(form.Key)
 	if err != nil {
 		repo.HandleCheckKeyStringError(ctx, err)
 		return
 	}
 
-	key, err := models.AddPublicKey(uid, form.Title, content, 0)
+	key, err := keys_model.AddPublicKey(uid, form.Title, content, 0)
 	if err != nil {
 		repo.HandleAddKeyError(ctx, err)
 		return
@@ -263,7 +264,7 @@ func DeletePublicKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"
 
 	id := ctx.ParamsInt64(":id")
-	externallyManaged, err := models.PublicKeyIsExternallyManaged(id)
+	externallyManaged, err := keys_model.PublicKeyIsExternallyManaged(id)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "PublicKeyIsExternallyManaged", err)
 	}
@@ -271,10 +272,10 @@ func DeletePublicKey(ctx *context.APIContext) {
 		ctx.Error(http.StatusForbidden, "", "SSH Key is externally managed for this user")
 	}
 
-	if err := models.DeletePublicKey(ctx.User, id); err != nil {
-		if models.IsErrKeyNotExist(err) {
+	if err := keys_service.DeletePublicKey(ctx.User, id); err != nil {
+		if keys_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
-		} else if models.IsErrKeyAccessDenied(err) {
+		} else if keys_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeletePublicKey", err)
diff --git a/routers/init.go b/routers/init.go
index 2143ab476bb0f..6cc7caacbaeb8 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -13,6 +13,7 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/modules/appstate"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/eventsource"
@@ -87,7 +88,7 @@ func syncAppPathForGit(ctx context.Context) error {
 		mustInitCtx(ctx, repo_service.SyncRepositoryHooks)
 
 		log.Info("re-write ssh public keys ...")
-		mustInit(models.RewriteAllPublicKeys)
+		mustInit(keys_model.RewriteAllPublicKeys)
 
 		runtimeState.LastAppPath = setting.AppPath
 		return appstate.AppState.Set(runtimeState)
diff --git a/routers/private/hook_verification.go b/routers/private/hook_verification.go
index 8c7492ea6859c..a181ea0edffeb 100644
--- a/routers/private/hook_verification.go
+++ b/routers/private/hook_verification.go
@@ -12,7 +12,7 @@ import (
 	"io"
 	"os"
 
-	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 )
@@ -97,7 +97,7 @@ func readAndVerifyCommit(sha string, repo *git.Repository, env []string) error {
 				if err != nil {
 					return err
 				}
-				verification := models.ParseCommitWithSignature(commit)
+				verification := keys_model.ParseCommitWithSignature(commit)
 				if !verification.Verified {
 					cancel()
 					return &errUnverifiedCommit{
diff --git a/routers/private/key.go b/routers/private/key.go
index 4f518e41f0dfa..3d8a1becfe070 100644
--- a/routers/private/key.go
+++ b/routers/private/key.go
@@ -8,7 +8,7 @@ package private
 import (
 	"net/http"
 
-	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/timeutil"
@@ -18,16 +18,16 @@ import (
 func UpdatePublicKeyInRepo(ctx *context.PrivateContext) {
 	keyID := ctx.ParamsInt64(":id")
 	repoID := ctx.ParamsInt64(":repoid")
-	if err := models.UpdatePublicKeyUpdated(keyID); err != nil {
+	if err := keys_model.UpdatePublicKeyUpdated(keyID); err != nil {
 		ctx.JSON(http.StatusInternalServerError, private.Response{
 			Err: err.Error(),
 		})
 		return
 	}
 
-	deployKey, err := models.GetDeployKeyByRepo(keyID, repoID)
+	deployKey, err := keys_model.GetDeployKeyByRepo(keyID, repoID)
 	if err != nil {
-		if models.IsErrDeployKeyNotExist(err) {
+		if keys_model.IsErrDeployKeyNotExist(err) {
 			ctx.PlainText(http.StatusOK, []byte("success"))
 			return
 		}
@@ -37,7 +37,7 @@ func UpdatePublicKeyInRepo(ctx *context.PrivateContext) {
 		return
 	}
 	deployKey.UpdatedUnix = timeutil.TimeStampNow()
-	if err = models.UpdateDeployKeyCols(deployKey, "updated_unix"); err != nil {
+	if err = keys_model.UpdateDeployKeyCols(deployKey, "updated_unix"); err != nil {
 		ctx.JSON(http.StatusInternalServerError, private.Response{
 			Err: err.Error(),
 		})
@@ -52,7 +52,7 @@ func UpdatePublicKeyInRepo(ctx *context.PrivateContext) {
 func AuthorizedPublicKeyByContent(ctx *context.PrivateContext) {
 	content := ctx.FormString("content")
 
-	publicKey, err := models.SearchPublicKeyByContent(content)
+	publicKey, err := keys_model.SearchPublicKeyByContent(content)
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, private.Response{
 			Err: err.Error(),
diff --git a/routers/private/serv.go b/routers/private/serv.go
index f28d5a7450177..96e989c1a1dd7 100644
--- a/routers/private/serv.go
+++ b/routers/private/serv.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
@@ -34,9 +35,9 @@ func ServNoCommand(ctx *context.PrivateContext) {
 	}
 	results := private.KeyAndOwner{}
 
-	key, err := models.GetPublicKeyByID(keyID)
+	key, err := keys_model.GetPublicKeyByID(keyID)
 	if err != nil {
-		if models.IsErrKeyNotExist(err) {
+		if keys_model.IsErrKeyNotExist(err) {
 			ctx.JSON(http.StatusUnauthorized, private.Response{
 				Err: fmt.Sprintf("Cannot find key: %d", keyID),
 			})
@@ -50,7 +51,7 @@ func ServNoCommand(ctx *context.PrivateContext) {
 	}
 	results.Key = key
 
-	if key.Type == models.KeyTypeUser || key.Type == models.KeyTypePrincipal {
+	if key.Type == keys_model.KeyTypeUser || key.Type == keys_model.KeyTypePrincipal {
 		user, err := user_model.GetUserByID(key.OwnerID)
 		if err != nil {
 			if user_model.IsErrUserNotExist(err) {
@@ -184,9 +185,9 @@ func ServCommand(ctx *context.PrivateContext) {
 	}
 
 	// Get the Public Key represented by the keyID
-	key, err := models.GetPublicKeyByID(keyID)
+	key, err := keys_model.GetPublicKeyByID(keyID)
 	if err != nil {
-		if models.IsErrKeyNotExist(err) {
+		if keys_model.IsErrKeyNotExist(err) {
 			ctx.JSON(http.StatusNotFound, private.ErrServCommand{
 				Results: results,
 				Err:     fmt.Sprintf("Cannot find key: %d", keyID),
@@ -205,7 +206,7 @@ func ServCommand(ctx *context.PrivateContext) {
 	results.UserID = key.OwnerID
 
 	// If repo doesn't exist, deploy key doesn't make sense
-	if !repoExist && key.Type == models.KeyTypeDeploy {
+	if !repoExist && key.Type == keys_model.KeyTypeDeploy {
 		ctx.JSON(http.StatusNotFound, private.ErrServCommand{
 			Results: results,
 			Err:     fmt.Sprintf("Cannot find repository %s/%s", results.OwnerName, results.RepoName),
@@ -216,15 +217,15 @@ func ServCommand(ctx *context.PrivateContext) {
 	// Deploy Keys have ownerID set to 0 therefore we can't use the owner
 	// So now we need to check if the key is a deploy key
 	// We'll keep hold of the deploy key here for permissions checking
-	var deployKey *models.DeployKey
+	var deployKey *keys_model.DeployKey
 	var user *user_model.User
-	if key.Type == models.KeyTypeDeploy {
+	if key.Type == keys_model.KeyTypeDeploy {
 		results.IsDeployKey = true
 
 		var err error
-		deployKey, err = models.GetDeployKeyByRepo(key.ID, repo.ID)
+		deployKey, err = keys_model.GetDeployKeyByRepo(key.ID, repo.ID)
 		if err != nil {
-			if models.IsErrDeployKeyNotExist(err) {
+			if keys_model.IsErrDeployKeyNotExist(err) {
 				ctx.JSON(http.StatusNotFound, private.ErrServCommand{
 					Results: results,
 					Err:     fmt.Sprintf("Public (Deploy) Key: %d:%s is not authorized to %s %s/%s.", key.ID, key.Name, modeString, results.OwnerName, results.RepoName),
@@ -297,7 +298,7 @@ func ServCommand(ctx *context.PrivateContext) {
 			owner.Visibility.IsPrivate() ||
 			(user != nil && user.IsRestricted) || // user will be nil if the key is a deploykey
 			setting.Service.RequireSignInView) {
-		if key.Type == models.KeyTypeDeploy {
+		if key.Type == keys_model.KeyTypeDeploy {
 			if deployKey.Mode < mode {
 				ctx.JSON(http.StatusUnauthorized, private.ErrServCommand{
 					Results: results,
diff --git a/routers/web/admin/repos.go b/routers/web/admin/repos.go
index 7db8b4d337ff8..7e3ec96fce8d7 100644
--- a/routers/web/admin/repos.go
+++ b/routers/web/admin/repos.go
@@ -52,7 +52,7 @@ func DeleteRepo(ctx *context.Context) {
 		ctx.Repo.GitRepo.Close()
 	}
 
-	if err := repo_service.DeleteRepository(ctx.User, repo); err != nil {
+	if err := repo_service.DeleteRepository(ctx.User, repo, true); err != nil {
 		ctx.ServerError("DeleteRepository", err)
 		return
 	}
diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index ef21017a3108d..2396321626f6f 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -12,6 +12,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
@@ -344,13 +345,15 @@ func Diff(ctx *context.Context) {
 	ctx.Data["CommitStatus"] = models.CalcCommitStatus(statuses)
 	ctx.Data["CommitStatuses"] = statuses
 
-	verification := models.ParseCommitWithSignature(commit)
+	verification := keys_model.ParseCommitWithSignature(commit)
 	ctx.Data["Verification"] = verification
 	ctx.Data["Author"] = user_model.ValidateCommitWithEmail(commit)
 	ctx.Data["Parents"] = parents
 	ctx.Data["DiffNotAvailable"] = diff.NumFiles == 0
 
-	if err := models.CalculateTrustStatus(verification, ctx.Repo.Repository, nil); err != nil {
+	if err := keys_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
+		return models.IsUserRepoAdmin(ctx.Repo.Repository, user)
+	}, nil); err != nil {
 		ctx.ServerError("CalculateTrustStatus", err)
 		return
 	}
diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
index b4bab5960b388..a792b69159edf 100644
--- a/routers/web/repo/repo.go
+++ b/routers/web/repo/repo.go
@@ -14,6 +14,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -261,7 +262,11 @@ func CreatePost(ctx *context.Context) {
 			DefaultBranch: form.DefaultBranch,
 			AutoInit:      form.AutoInit,
 			IsTemplate:    form.Template,
+<<<<<<< HEAD
 			TrustModel:    repo_model.ToTrustModel(form.TrustModel),
+=======
+			TrustModel:    keys_model.ToTrustModel(form.TrustModel),
+>>>>>>> 3db02666b (Move keys to models/keys)
 		})
 		if err == nil {
 			log.Trace("Repository created [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
diff --git a/routers/web/repo/setting.go b/routers/web/repo/setting.go
index 68b53f2e90416..019beac253d7e 100644
--- a/routers/web/repo/setting.go
+++ b/routers/web/repo/setting.go
@@ -16,6 +16,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
@@ -35,6 +36,7 @@ import (
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
 	"code.gitea.io/gitea/services/forms"
+	keys_service "code.gitea.io/gitea/services/keys"
 	"code.gitea.io/gitea/services/mailer"
 	"code.gitea.io/gitea/services/migrations"
 	mirror_service "code.gitea.io/gitea/services/mirror"
@@ -477,7 +479,11 @@ func SettingsPost(ctx *context.Context) {
 	case "signing":
 		changed := false
 
+<<<<<<< HEAD
 		trustModel := repo_model.ToTrustModel(form.TrustModel)
+=======
+		trustModel := keys_model.ToTrustModel(form.TrustModel)
+>>>>>>> 3db02666b (Move keys to models/keys)
 		if trustModel != repo.TrustModel {
 			repo.TrustModel = trustModel
 			changed = true
@@ -673,7 +679,7 @@ func SettingsPost(ctx *context.Context) {
 			ctx.Repo.GitRepo.Close()
 		}
 
-		if err := repo_service.DeleteRepository(ctx.User, ctx.Repo.Repository); err != nil {
+		if err := repo_service.DeleteRepository(ctx.User, ctx.Repo.Repository, true); err != nil {
 			ctx.ServerError("DeleteRepository", err)
 			return
 		}
@@ -1029,7 +1035,7 @@ func DeployKeys(ctx *context.Context) {
 	ctx.Data["PageIsSettingsKeys"] = true
 	ctx.Data["DisableSSH"] = setting.SSH.Disabled
 
-	keys, err := models.ListDeployKeys(&models.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
+	keys, err := keys_model.ListDeployKeys(db.DefaultContext, &keys_model.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
 	if err != nil {
 		ctx.ServerError("ListDeployKeys", err)
 		return
@@ -1045,7 +1051,7 @@ func DeployKeysPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("repo.settings.deploy_keys")
 	ctx.Data["PageIsSettingsKeys"] = true
 
-	keys, err := models.ListDeployKeys(&models.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
+	keys, err := keys_model.ListDeployKeys(db.DefaultContext, &keys_model.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
 	if err != nil {
 		ctx.ServerError("ListDeployKeys", err)
 		return
@@ -1057,11 +1063,11 @@ func DeployKeysPost(ctx *context.Context) {
 		return
 	}
 
-	content, err := models.CheckPublicKeyString(form.Content)
+	content, err := keys_model.CheckPublicKeyString(form.Content)
 	if err != nil {
-		if models.IsErrSSHDisabled(err) {
+		if db.IsErrSSHDisabled(err) {
 			ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))
-		} else if models.IsErrKeyUnableVerify(err) {
+		} else if keys_model.IsErrKeyUnableVerify(err) {
 			ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))
 		} else {
 			ctx.Data["HasError"] = true
@@ -1072,20 +1078,20 @@ func DeployKeysPost(ctx *context.Context) {
 		return
 	}
 
-	key, err := models.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, !form.IsWritable)
+	key, err := keys_model.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, !form.IsWritable)
 	if err != nil {
 		ctx.Data["HasError"] = true
 		switch {
-		case models.IsErrDeployKeyAlreadyExist(err):
+		case keys_model.IsErrDeployKeyAlreadyExist(err):
 			ctx.Data["Err_Content"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_been_used"), tplDeployKeys, &form)
-		case models.IsErrKeyAlreadyExist(err):
+		case keys_model.IsErrKeyAlreadyExist(err):
 			ctx.Data["Err_Content"] = true
 			ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplDeployKeys, &form)
-		case models.IsErrKeyNameAlreadyUsed(err):
+		case keys_model.IsErrKeyNameAlreadyUsed(err):
 			ctx.Data["Err_Title"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_name_used"), tplDeployKeys, &form)
-		case models.IsErrDeployKeyNameAlreadyUsed(err):
+		case keys_model.IsErrDeployKeyNameAlreadyUsed(err):
 			ctx.Data["Err_Title"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_name_used"), tplDeployKeys, &form)
 		default:
@@ -1101,7 +1107,7 @@ func DeployKeysPost(ctx *context.Context) {
 
 // DeleteDeployKey response for deleting a deploy key
 func DeleteDeployKey(ctx *context.Context) {
-	if err := models.DeleteDeployKey(ctx.User, ctx.FormInt64("id")); err != nil {
+	if err := keys_service.DeleteDeployKey(ctx.User, ctx.FormInt64("id")); err != nil {
 		ctx.Flash.Error("DeleteDeployKey: " + err.Error())
 	} else {
 		ctx.Flash.Success(ctx.Tr("repo.settings.deploy_key_deletion_success"))
diff --git a/routers/web/repo/settings_test.go b/routers/web/repo/settings_test.go
index fe6e9b52bafb3..813377097c3eb 100644
--- a/routers/web/repo/settings_test.go
+++ b/routers/web/repo/settings_test.go
@@ -10,6 +10,7 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
@@ -61,7 +62,7 @@ func TestAddReadOnlyDeployKey(t *testing.T) {
 	DeployKeysPost(ctx)
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 
-	unittest.AssertExistsAndLoadBean(t, &models.DeployKey{
+	unittest.AssertExistsAndLoadBean(t, &keys_model.DeployKey{
 		Name:    addKeyForm.Title,
 		Content: addKeyForm.Content,
 		Mode:    perm.AccessModeRead,
@@ -91,7 +92,7 @@ func TestAddReadWriteOnlyDeployKey(t *testing.T) {
 	DeployKeysPost(ctx)
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 
-	unittest.AssertExistsAndLoadBean(t, &models.DeployKey{
+	unittest.AssertExistsAndLoadBean(t, &keys_model.DeployKey{
 		Name:    addKeyForm.Title,
 		Content: addKeyForm.Content,
 		Mode:    perm.AccessModeWrite,
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index bc8396ab79a7a..9623bd29446b3 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -21,6 +21,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -777,9 +778,11 @@ func renderDirectoryFiles(ctx *context.Context, timeout time.Duration) git.Entri
 	ctx.Data["LatestCommit"] = latestCommit
 	if latestCommit != nil {
 
-		verification := models.ParseCommitWithSignature(latestCommit)
+		verification := keys_model.ParseCommitWithSignature(latestCommit)
 
-		if err := models.CalculateTrustStatus(verification, ctx.Repo.Repository, nil); err != nil {
+		if err := keys_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
+			return models.IsUserRepoAdmin(ctx.Repo.Repository, user)
+		}, nil); err != nil {
 			ctx.ServerError("CalculateTrustStatus", err)
 			return nil
 		}
diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index d3883571ed203..e414fb5ffb38f 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -16,6 +16,7 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -827,7 +828,7 @@ func repoIDMap(ctxUser *user_model.User, issueCountByRepo map[int64]int64, unitT
 
 // ShowSSHKeys output all the ssh keys of user by uid
 func ShowSSHKeys(ctx *context.Context, uid int64) {
-	keys, err := models.ListPublicKeys(uid, db.ListOptions{})
+	keys, err := keys_model.ListPublicKeys(uid, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListPublicKeys", err)
 		return
@@ -843,7 +844,7 @@ func ShowSSHKeys(ctx *context.Context, uid int64) {
 
 // ShowGPGKeys output all the public GPG keys of user by uid
 func ShowGPGKeys(ctx *context.Context, uid int64) {
-	keys, err := models.ListGPGKeys(uid, db.ListOptions{})
+	keys, err := keys_model.ListGPGKeys(db.DefaultContext, uid, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListGPGKeys", err)
 		return
@@ -851,9 +852,9 @@ func ShowGPGKeys(ctx *context.Context, uid int64) {
 	entities := make([]*openpgp.Entity, 0)
 	failedEntitiesID := make([]string, 0)
 	for _, k := range keys {
-		e, err := models.GPGKeyToEntity(k)
+		e, err := keys_model.GPGKeyToEntity(k)
 		if err != nil {
-			if models.IsErrGPGKeyImportNotExist(err) {
+			if keys_model.IsErrGPGKeyImportNotExist(err) {
 				failedEntitiesID = append(failedEntitiesID, k.KeyID)
 				continue //Skip previous import without backup of imported armored key
 			}
diff --git a/routers/web/user/setting/keys.go b/routers/web/user/setting/keys.go
index 22a0fe474171f..9c3ba973cdcfc 100644
--- a/routers/web/user/setting/keys.go
+++ b/routers/web/user/setting/keys.go
@@ -8,13 +8,14 @@ package setting
 import (
 	"net/http"
 
-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/services/forms"
+	keys_service "code.gitea.io/gitea/services/keys"
 )
 
 const (
@@ -51,9 +52,9 @@ func KeysPost(ctx *context.Context) {
 	}
 	switch form.Type {
 	case "principal":
-		content, err := models.CheckPrincipalKeyString(ctx.User, form.Content)
+		content, err := keys_model.CheckPrincipalKeyString(ctx.User, form.Content)
 		if err != nil {
-			if models.IsErrSSHDisabled(err) {
+			if db.IsErrSSHDisabled(err) {
 				ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))
 			} else {
 				ctx.Flash.Error(ctx.Tr("form.invalid_ssh_principal", err.Error()))
@@ -61,10 +62,10 @@ func KeysPost(ctx *context.Context) {
 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 			return
 		}
-		if _, err = models.AddPrincipalKey(ctx.User.ID, content, 0); err != nil {
+		if _, err = keys_model.AddPrincipalKey(ctx.User.ID, content, 0); err != nil {
 			ctx.Data["HasPrincipalError"] = true
 			switch {
-			case models.IsErrKeyAlreadyExist(err), models.IsErrKeyNameAlreadyUsed(err):
+			case keys_model.IsErrKeyAlreadyExist(err), keys_model.IsErrKeyNameAlreadyUsed(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Content"] = true
@@ -77,36 +78,36 @@ func KeysPost(ctx *context.Context) {
 		ctx.Flash.Success(ctx.Tr("settings.add_principal_success", form.Content))
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "gpg":
-		token := models.VerificationToken(ctx.User, 1)
-		lastToken := models.VerificationToken(ctx.User, 0)
+		token := keys_model.VerificationToken(ctx.User, 1)
+		lastToken := keys_model.VerificationToken(ctx.User, 0)
 
-		keys, err := models.AddGPGKey(ctx.User.ID, form.Content, token, form.Signature)
-		if err != nil && models.IsErrGPGInvalidTokenSignature(err) {
-			keys, err = models.AddGPGKey(ctx.User.ID, form.Content, lastToken, form.Signature)
+		keys, err := keys_model.AddGPGKey(ctx.User.ID, form.Content, token, form.Signature)
+		if err != nil && keys_model.IsErrGPGInvalidTokenSignature(err) {
+			keys, err = keys_model.AddGPGKey(ctx.User.ID, form.Content, lastToken, form.Signature)
 		}
 		if err != nil {
 			ctx.Data["HasGPGError"] = true
 			switch {
-			case models.IsErrGPGKeyParsing(err):
+			case keys_model.IsErrGPGKeyParsing(err):
 				ctx.Flash.Error(ctx.Tr("form.invalid_gpg_key", err.Error()))
 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
-			case models.IsErrGPGKeyIDAlreadyUsed(err):
+			case keys_model.IsErrGPGKeyIDAlreadyUsed(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Content"] = true
 				ctx.RenderWithErr(ctx.Tr("settings.gpg_key_id_used"), tplSettingsKeys, &form)
-			case models.IsErrGPGInvalidTokenSignature(err):
+			case keys_model.IsErrGPGInvalidTokenSignature(err):
 				loadKeysData(ctx)
 				ctx.Data["Err_Content"] = true
 				ctx.Data["Err_Signature"] = true
-				ctx.Data["KeyID"] = err.(models.ErrGPGInvalidTokenSignature).ID
+				ctx.Data["KeyID"] = err.(keys_model.ErrGPGInvalidTokenSignature).ID
 				ctx.RenderWithErr(ctx.Tr("settings.gpg_invalid_token_signature"), tplSettingsKeys, &form)
-			case models.IsErrGPGNoEmailFound(err):
+			case keys_model.IsErrGPGNoEmailFound(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Content"] = true
 				ctx.Data["Err_Signature"] = true
-				ctx.Data["KeyID"] = err.(models.ErrGPGNoEmailFound).ID
+				ctx.Data["KeyID"] = err.(keys_model.ErrGPGNoEmailFound).ID
 				ctx.RenderWithErr(ctx.Tr("settings.gpg_no_key_email_found"), tplSettingsKeys, &form)
 			default:
 				ctx.ServerError("AddPublicKey", err)
@@ -124,21 +125,21 @@ func KeysPost(ctx *context.Context) {
 		ctx.Flash.Success(ctx.Tr("settings.add_gpg_key_success", keyIDs))
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "verify_gpg":
-		token := models.VerificationToken(ctx.User, 1)
-		lastToken := models.VerificationToken(ctx.User, 0)
+		token := keys_model.VerificationToken(ctx.User, 1)
+		lastToken := keys_model.VerificationToken(ctx.User, 0)
 
-		keyID, err := models.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
-		if err != nil && models.IsErrGPGInvalidTokenSignature(err) {
-			keyID, err = models.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
+		keyID, err := keys_model.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
+		if err != nil && keys_model.IsErrGPGInvalidTokenSignature(err) {
+			keyID, err = keys_model.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
 		}
 		if err != nil {
 			ctx.Data["HasGPGVerifyError"] = true
 			switch {
-			case models.IsErrGPGInvalidTokenSignature(err):
+			case keys_model.IsErrGPGInvalidTokenSignature(err):
 				loadKeysData(ctx)
 				ctx.Data["VerifyingID"] = form.KeyID
 				ctx.Data["Err_Signature"] = true
-				ctx.Data["KeyID"] = err.(models.ErrGPGInvalidTokenSignature).ID
+				ctx.Data["KeyID"] = err.(keys_model.ErrGPGInvalidTokenSignature).ID
 				ctx.RenderWithErr(ctx.Tr("settings.gpg_invalid_token_signature"), tplSettingsKeys, &form)
 			default:
 				ctx.ServerError("VerifyGPG", err)
@@ -147,11 +148,11 @@ func KeysPost(ctx *context.Context) {
 		ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID))
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "ssh":
-		content, err := models.CheckPublicKeyString(form.Content)
+		content, err := keys_model.CheckPublicKeyString(form.Content)
 		if err != nil {
-			if models.IsErrSSHDisabled(err) {
+			if db.IsErrSSHDisabled(err) {
 				ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))
-			} else if models.IsErrKeyUnableVerify(err) {
+			} else if keys_model.IsErrKeyUnableVerify(err) {
 				ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))
 			} else {
 				ctx.Flash.Error(ctx.Tr("form.invalid_ssh_key", err.Error()))
@@ -160,20 +161,20 @@ func KeysPost(ctx *context.Context) {
 			return
 		}
 
-		if _, err = models.AddPublicKey(ctx.User.ID, form.Title, content, 0); err != nil {
+		if _, err = keys_model.AddPublicKey(ctx.User.ID, form.Title, content, 0); err != nil {
 			ctx.Data["HasSSHError"] = true
 			switch {
-			case models.IsErrKeyAlreadyExist(err):
+			case keys_model.IsErrKeyAlreadyExist(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Content"] = true
 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplSettingsKeys, &form)
-			case models.IsErrKeyNameAlreadyUsed(err):
+			case keys_model.IsErrKeyNameAlreadyUsed(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Title"] = true
 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_name_used"), tplSettingsKeys, &form)
-			case models.IsErrKeyUnableVerify(err):
+			case keys_model.IsErrKeyUnableVerify(err):
 				ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))
 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 			default:
@@ -196,14 +197,14 @@ func DeleteKey(ctx *context.Context) {
 
 	switch ctx.FormString("type") {
 	case "gpg":
-		if err := models.DeleteGPGKey(ctx.User, ctx.FormInt64("id")); err != nil {
+		if err := keys_model.DeleteGPGKey(ctx.User, ctx.FormInt64("id")); err != nil {
 			ctx.Flash.Error("DeleteGPGKey: " + err.Error())
 		} else {
 			ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success"))
 		}
 	case "ssh":
 		keyID := ctx.FormInt64("id")
-		external, err := models.PublicKeyIsExternallyManaged(keyID)
+		external, err := keys_model.PublicKeyIsExternallyManaged(keyID)
 		if err != nil {
 			ctx.ServerError("sshKeysExternalManaged", err)
 			return
@@ -213,13 +214,13 @@ func DeleteKey(ctx *context.Context) {
 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 			return
 		}
-		if err := models.DeletePublicKey(ctx.User, keyID); err != nil {
+		if err := keys_service.DeletePublicKey(ctx.User, keyID); err != nil {
 			ctx.Flash.Error("DeletePublicKey: " + err.Error())
 		} else {
 			ctx.Flash.Success(ctx.Tr("settings.ssh_key_deletion_success"))
 		}
 	case "principal":
-		if err := models.DeletePublicKey(ctx.User, ctx.FormInt64("id")); err != nil {
+		if err := keys_service.DeletePublicKey(ctx.User, ctx.FormInt64("id")); err != nil {
 			ctx.Flash.Error("DeletePublicKey: " + err.Error())
 		} else {
 			ctx.Flash.Success(ctx.Tr("settings.ssh_principal_deletion_success"))
@@ -234,32 +235,32 @@ func DeleteKey(ctx *context.Context) {
 }
 
 func loadKeysData(ctx *context.Context) {
-	keys, err := models.ListPublicKeys(ctx.User.ID, db.ListOptions{})
+	keys, err := keys_model.ListPublicKeys(ctx.User.ID, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListPublicKeys", err)
 		return
 	}
 	ctx.Data["Keys"] = keys
 
-	externalKeys, err := models.PublicKeysAreExternallyManaged(keys)
+	externalKeys, err := keys_model.PublicKeysAreExternallyManaged(keys)
 	if err != nil {
 		ctx.ServerError("ListPublicKeys", err)
 		return
 	}
 	ctx.Data["ExternalKeys"] = externalKeys
 
-	gpgkeys, err := models.ListGPGKeys(ctx.User.ID, db.ListOptions{})
+	gpgkeys, err := keys_model.ListGPGKeys(db.DefaultContext, ctx.User.ID, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListGPGKeys", err)
 		return
 	}
 	ctx.Data["GPGKeys"] = gpgkeys
-	tokenToSign := models.VerificationToken(ctx.User, 1)
+	tokenToSign := keys_model.VerificationToken(ctx.User, 1)
 
 	// generate a new aes cipher using the csrfToken
 	ctx.Data["TokenToSign"] = tokenToSign
 
-	principals, err := models.ListPrincipalKeys(ctx.User.ID, db.ListOptions{})
+	principals, err := keys_model.ListPrincipalKeys(ctx.User.ID, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListPrincipalKeys", err)
 		return
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index 9bb07d244faa5..f05ff5a3992f8 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -8,8 +8,8 @@ import (
 	"fmt"
 	"strings"
 
-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/services/mailer"
@@ -59,8 +59,8 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 	}
 
 	if user != nil {
-		if isAttributeSSHPublicKeySet && models.SynchronizePublicKeys(user, source.loginSource, sr.SSHPublicKey) {
-			return user, models.RewriteAllPublicKeys()
+		if isAttributeSSHPublicKeySet && keys_model.SynchronizePublicKeys(user, source.loginSource, sr.SSHPublicKey) {
+			return user, keys_model.RewriteAllPublicKeys()
 		}
 
 		return user, nil
@@ -95,8 +95,8 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 
 	mailer.SendRegisterNotifyMail(user)
 
-	if isAttributeSSHPublicKeySet && models.AddPublicKeysBySource(user, source.loginSource, sr.SSHPublicKey) {
-		err = models.RewriteAllPublicKeys()
+	if isAttributeSSHPublicKeySet && keys_model.AddPublicKeysBySource(user, source.loginSource, sr.SSHPublicKey) {
+		err = keys_model.RewriteAllPublicKeys()
 	}
 
 	if err == nil && len(source.AttributeAvatar) > 0 {
diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go
index 9c504476c0a34..4769b364c089a 100644
--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@@ -10,8 +10,8 @@ import (
 	"sort"
 	"strings"
 
-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	user_service "code.gitea.io/gitea/services/user"
@@ -68,7 +68,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 			log.Warn("SyncExternalUsers: Cancelled at update of %s before completed update of users", source.loginSource.Name)
 			// Rewrite authorized_keys file if LDAP Public SSH Key attribute is set and any key was added or removed
 			if sshKeysNeedUpdate {
-				err = models.RewriteAllPublicKeys()
+				err = keys_model.RewriteAllPublicKeys()
 				if err != nil {
 					log.Error("RewriteAllPublicKeys: %v", err)
 				}
@@ -119,7 +119,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 
 			if err == nil && isAttributeSSHPublicKeySet {
 				log.Trace("SyncExternalUsers[%s]: Adding LDAP Public SSH Keys for user %s", source.loginSource.Name, usr.Name)
-				if models.AddPublicKeysBySource(usr, source.loginSource, su.SSHPublicKey) {
+				if keys_model.AddPublicKeysBySource(usr, source.loginSource, su.SSHPublicKey) {
 					sshKeysNeedUpdate = true
 				}
 			}
@@ -129,7 +129,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 			}
 		} else if updateExisting {
 			// Synchronize SSH Public Key if that attribute is set
-			if isAttributeSSHPublicKeySet && models.SynchronizePublicKeys(usr, source.loginSource, su.SSHPublicKey) {
+			if isAttributeSSHPublicKeySet && keys_model.SynchronizePublicKeys(usr, source.loginSource, su.SSHPublicKey) {
 				sshKeysNeedUpdate = true
 			}
 
@@ -171,7 +171,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 
 	// Rewrite authorized_keys file if LDAP Public SSH Key attribute is set and any key was added or removed
 	if sshKeysNeedUpdate {
-		err = models.RewriteAllPublicKeys()
+		err = keys_model.RewriteAllPublicKeys()
 		if err != nil {
 			log.Error("RewriteAllPublicKeys: %v", err)
 		}
diff --git a/services/cron/tasks_extended.go b/services/cron/tasks_extended.go
index bc6add090bd81..9dae99afa3b5f 100644
--- a/services/cron/tasks_extended.go
+++ b/services/cron/tasks_extended.go
@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/updatechecker"
@@ -67,7 +68,7 @@ func registerRewriteAllPublicKeys() {
 		RunAtStart: false,
 		Schedule:   "@every 72h",
 	}, func(_ context.Context, _ *user_model.User, _ Config) error {
-		return models.RewriteAllPublicKeys()
+		return keys_model.RewriteAllPublicKeys()
 	})
 }
 
@@ -77,7 +78,7 @@ func registerRewriteAllPrincipalKeys() {
 		RunAtStart: false,
 		Schedule:   "@every 72h",
 	}, func(_ context.Context, _ *user_model.User, _ Config) error {
-		return models.RewriteAllPrincipalKeys()
+		return keys_model.RewriteAllPrincipalKeys()
 	})
 }
 
diff --git a/services/keys/deploy_key.go b/services/keys/deploy_key.go
new file mode 100644
index 0000000000000..7d3176a5d86fa
--- /dev/null
+++ b/services/keys/deploy_key.go
@@ -0,0 +1,30 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package keys
+
+import (
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/keys"
+	user_model "code.gitea.io/gitea/models/user"
+)
+
+// DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
+func DeleteDeployKey(doer *user_model.User, id int64) error {
+	ctx, committer, err := db.TxContext()
+	if err != nil {
+		return err
+	}
+	defer committer.Close()
+
+	if err := models.DeleteDeployKey(ctx, doer, id); err != nil {
+		return err
+	}
+	if err := committer.Commit(); err != nil {
+		return err
+	}
+
+	return keys.RewriteAllPublicKeys()
+}
diff --git a/services/keys/main_test.go b/services/keys/main_test.go
new file mode 100644
index 0000000000000..2d1e0b556eed5
--- /dev/null
+++ b/services/keys/main_test.go
@@ -0,0 +1,16 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package keys
+
+import (
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m, filepath.Join("..", ".."))
+}
diff --git a/services/keys/ssh_key.go b/services/keys/ssh_key.go
new file mode 100644
index 0000000000000..6bcab40ca7646
--- /dev/null
+++ b/services/keys/ssh_key.go
@@ -0,0 +1,49 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package keys
+
+import (
+	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
+	user_model "code.gitea.io/gitea/models/user"
+)
+
+// DeletePublicKey deletes SSH key information both in database and authorized_keys file.
+func DeletePublicKey(doer *user_model.User, id int64) (err error) {
+	key, err := keys_model.GetPublicKeyByID(id)
+	if err != nil {
+		return err
+	}
+
+	// Check if user has access to delete this key.
+	if !doer.IsAdmin && doer.ID != key.OwnerID {
+		return keys_model.ErrKeyAccessDenied{
+			UserID: doer.ID,
+			KeyID:  key.ID,
+			Note:   "public",
+		}
+	}
+
+	ctx, committer, err := db.TxContext()
+	if err != nil {
+		return err
+	}
+	defer committer.Close()
+
+	if err = keys_model.DeletePublicKeys(ctx, id); err != nil {
+		return err
+	}
+
+	if err = committer.Commit(); err != nil {
+		return err
+	}
+	committer.Close()
+
+	if key.Type == keys_model.KeyTypePrincipal {
+		return keys_model.RewriteAllPrincipalKeys()
+	}
+
+	return keys_model.RewriteAllPublicKeys()
+}
diff --git a/services/keys/ssh_key_test.go b/services/keys/ssh_key_test.go
new file mode 100644
index 0000000000000..fe384a23ed7dd
--- /dev/null
+++ b/services/keys/ssh_key_test.go
@@ -0,0 +1,83 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package keys
+
+import (
+	"testing"
+
+	keys_model "code.gitea.io/gitea/models/keys"
+	"code.gitea.io/gitea/models/login"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAddLdapSSHPublicKeys(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}).(*user_model.User)
+	s := &login.Source{ID: 1}
+
+	testCases := []struct {
+		keyString   string
+		number      int
+		keyContents []string
+	}{
+		{
+			keyString: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
+			number:    1,
+			keyContents: []string{
+				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM=",
+			},
+		},
+		{
+			keyString: `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment
+ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment`,
+			number: 2,
+			keyContents: []string{
+				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM=",
+				"ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag=",
+			},
+		},
+		{
+			keyString: `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment
+# comment asmdna,ndp
+ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment`,
+			number: 2,
+			keyContents: []string{
+				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM=",
+				"ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag=",
+			},
+		},
+		{
+			keyString: `ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment
+382488320jasdj1lasmva/vasodifipi4193-fksma.cm
+ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag= nocomment`,
+			number: 2,
+			keyContents: []string{
+				"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM=",
+				"ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ibZ2OkQ3S0SqDIa0HXSEJ1zaExQdmbO+Ux/wsytWZmCczWOVsaszBZSl90q8UnWlSH6P+/YA+RWJm5SFtuV9PtGIhyZgoNuz5kBQ7K139wuQsecdKktISwTakzAAAAFQCzKsO2JhNKlL+wwwLGOcLffoAmkwAAAIBpK7/3xvduajLBD/9vASqBQIHrgK2J+wiQnIb/Wzy0UsVmvfn8A+udRbBo+csM8xrSnlnlJnjkJS3qiM5g+eTwsLIV1IdKPEwmwB+VcP53Cw6lSyWyJcvhFb0N6s08NZysLzvj0N+ZC/FnhKTLzIyMtkHf/IrPCwlM+pV/M/96YgAAAIEAqQcGn9CKgzgPaguIZooTAOQdvBLMI5y0bQjOW6734XOpqQGf/Kra90wpoasLKZjSYKNPjE+FRUOrStLrxcNs4BeVKhy2PYTRnybfYVk1/dmKgH6P1YSRONsGKvTsH6c5IyCRG0ncCgYeF8tXppyd642982daopE7zQ/NPAnJfag=",
+			},
+		},
+	}
+
+	for i, kase := range testCases {
+		s.ID = int64(i) + 20
+		keys_model.AddPublicKeysBySource(user, s, []string{kase.keyString})
+		keys, err := keys_model.ListPublicKeysBySource(user.ID, s.ID)
+		assert.NoError(t, err)
+		if err != nil {
+			continue
+		}
+		assert.Len(t, keys, kase.number)
+
+		for _, key := range keys {
+			assert.Contains(t, kase.keyContents, key.Content)
+		}
+		for _, key := range keys {
+			DeletePublicKey(user, key.ID)
+		}
+	}
+}
diff --git a/services/repository/files/commit.go b/services/repository/files/commit.go
index 6bff1bb97fad3..99343974a2aec 100644
--- a/services/repository/files/commit.go
+++ b/services/repository/files/commit.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 
 	"code.gitea.io/gitea/models"
+	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
@@ -55,7 +56,7 @@ func CountDivergingCommits(repo *repo_model.Repository, branch string) (*git.Div
 // GetPayloadCommitVerification returns the verification information of a commit
 func GetPayloadCommitVerification(commit *git.Commit) *structs.PayloadCommitVerification {
 	verification := &structs.PayloadCommitVerification{}
-	commitVerification := models.ParseCommitWithSignature(commit)
+	commitVerification := keys_model.ParseCommitWithSignature(commit)
 	if commit.Signature != nil {
 		verification.Signature = commit.Signature.Signature
 		verification.Payload = commit.Signature.Payload
diff --git a/services/repository/repository.go b/services/repository/repository.go
index 0b97148f66e03..3e116f8ae6648 100644
--- a/services/repository/repository.go
+++ b/services/repository/repository.go
@@ -31,13 +31,19 @@ func CreateRepository(doer, owner *user_model.User, opts models.CreateRepoOption
 }
 
 // DeleteRepository deletes a repository for a user or organization.
+<<<<<<< HEAD
 func DeleteRepository(doer *user_model.User, repo *repo_model.Repository) error {
+=======
+func DeleteRepository(doer *user_model.User, repo *models.Repository, notify bool) error {
+>>>>>>> 3db02666b (Move keys to models/keys)
 	if err := pull_service.CloseRepoBranchesPulls(doer, repo); err != nil {
 		log.Error("CloseRepoBranchesPulls failed: %v", err)
 	}
 
-	// If the repo itself has webhooks, we need to trigger them before deleting it...
-	notification.NotifyDeleteRepository(doer, repo)
+	if notify {
+		// If the repo itself has webhooks, we need to trigger them before deleting it...
+		notification.NotifyDeleteRepository(doer, repo)
+	}
 
 	err := models.DeleteRepository(doer, repo.OwnerID, repo.ID)
 	return err
diff --git a/services/user/user.go b/services/user/user.go
index 72052f4ec9b30..7b6681e32934f 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -15,6 +15,7 @@ import (
 	"code.gitea.io/gitea/models"
 	admin_model "code.gitea.io/gitea/models/admin"
 	"code.gitea.io/gitea/models/db"
+	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/avatar"
@@ -31,11 +32,11 @@ func DeleteUser(u *user_model.User) error {
 		return fmt.Errorf("%s is an organization not a user", u.Name)
 	}
 
-	ctx, commiter, err := db.TxContext()
+	ctx, committer, err := db.TxContext()
 	if err != nil {
 		return err
 	}
-	defer commiter.Close()
+	defer committer.Close()
 
 	// Note: A user owns any repository or belongs to any organization
 	//	cannot perform delete operation.
@@ -60,14 +61,15 @@ func DeleteUser(u *user_model.User) error {
 		return fmt.Errorf("DeleteUser: %v", err)
 	}
 
-	if err := commiter.Commit(); err != nil {
+	if err := committer.Commit(); err != nil {
 		return err
 	}
+	committer.Close()
 
-	if err = models.RewriteAllPublicKeys(); err != nil {
+	if err = keys_model.RewriteAllPublicKeys(); err != nil {
 		return err
 	}
-	if err = models.RewriteAllPrincipalKeys(); err != nil {
+	if err = keys_model.RewriteAllPrincipalKeys(); err != nil {
 		return err
 	}
 

From 8dbb09052baaf112b6cb8f041a0db14e69dadc62 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 6 Dec 2021 15:58:55 +0800
Subject: [PATCH 2/9] Rename models/keys -> models/asymkey

---
 cmd/admin.go                                  |   4 +-
 cmd/serv.go                                   |   6 +-
 .../doc/advanced/config-cheat-sheet.en-us.md  |   2 +-
 integrations/api_admin_test.go                |   6 +-
 integrations/api_keys_test.go                 |   8 +-
 integrations/api_private_serv_test.go         |   8 +-
 models/{keys => asymkey}/error.go             |   0
 models/{keys => asymkey}/gpg_key.go           |   0
 models/{keys => asymkey}/gpg_key_add.go       |   0
 .../gpg_key_commit_verification.go            |   0
 models/{keys => asymkey}/gpg_key_common.go    |   0
 models/{keys => asymkey}/gpg_key_import.go    |   0
 models/{keys => asymkey}/gpg_key_test.go      |   0
 models/{keys => asymkey}/gpg_key_verify.go    |   0
 models/asymkey/main_test.go                   |  20 ++
 models/{keys => asymkey}/ssh_key.go           |   0
 .../ssh_key_authorized_keys.go                |   0
 .../ssh_key_authorized_principals.go          |   0
 models/{keys => asymkey}/ssh_key_deploy.go    |   0
 .../{keys => asymkey}/ssh_key_fingerprint.go  |   0
 models/{keys => asymkey}/ssh_key_parse.go     |   0
 .../{keys => asymkey}/ssh_key_principals.go   |   0
 models/{keys => asymkey}/ssh_key_test.go      |   0
 models/commit_status.go                       |   1 +
 models/error.go                               |  16 --
 models/pull_sign.go                           | 134 ------------
 models/repo.go                                |  51 ++++-
 models/statistic.go                           |   6 +-
 models/user.go                                |  10 +-
 modules/context/repo.go                       |   7 +-
 modules/convert/convert.go                    |  14 +-
 modules/doctor/authorizedkeys.go              |   8 +-
 modules/gitgraph/graph_models.go              |   8 +-
 modules/private/serv.go                       |   8 +-
 modules/repository/init.go                    |   3 +-
 modules/ssh/ssh.go                            |  10 +-
 routers/api/v1/admin/user.go                  |  10 +-
 routers/api/v1/misc/signing.go                |   4 +-
 routers/api/v1/repo/key.go                    |  36 ++--
 routers/api/v1/repo/pull.go                   |   3 +-
 routers/api/v1/repo/repo.go                   |   6 +-
 routers/api/v1/user/gpg_key.go                |  52 ++---
 routers/api/v1/user/key.go                    |  36 ++--
 routers/init.go                               |   4 +-
 routers/private/hook_verification.go          |   4 +-
 routers/private/key.go                        |  12 +-
 routers/private/serv.go                       |  24 +--
 routers/web/repo/commit.go                    |   6 +-
 routers/web/repo/issue.go                     |   7 +-
 routers/web/repo/repo.go                      |   6 +-
 routers/web/repo/setting.go                   |  30 +--
 routers/web/repo/settings_test.go             |   6 +-
 routers/web/repo/view.go                      |   6 +-
 routers/web/user/home.go                      |  10 +-
 routers/web/user/setting/keys.go              |  76 +++----
 services/{keys => asymkey}/deploy_key.go      |   4 +-
 services/{keys => asymkey}/main_test.go       |   2 +-
 .../repo_sign.go => services/asymkey/sign.go  | 195 +++++++++++++-----
 services/{keys => asymkey}/ssh_key.go         |  16 +-
 services/{keys => asymkey}/ssh_key_test.go    |   8 +-
 .../auth/source/ldap/source_authenticate.go   |  10 +-
 services/auth/source/ldap/source_sync.go      |  10 +-
 services/cron/tasks_extended.go               |   6 +-
 services/pull/merge.go                        |   5 +-
 services/repository/archiver/archiver.go      |   2 +-
 services/repository/files/commit.go           |   4 +-
 services/repository/files/temp_repo.go        |   3 +-
 services/repository/files/update.go           |   5 +-
 services/user/user.go                         |   6 +-
 services/wiki/wiki.go                         |   5 +-
 70 files changed, 491 insertions(+), 458 deletions(-)
 rename models/{keys => asymkey}/error.go (100%)
 rename models/{keys => asymkey}/gpg_key.go (100%)
 rename models/{keys => asymkey}/gpg_key_add.go (100%)
 rename models/{keys => asymkey}/gpg_key_commit_verification.go (100%)
 rename models/{keys => asymkey}/gpg_key_common.go (100%)
 rename models/{keys => asymkey}/gpg_key_import.go (100%)
 rename models/{keys => asymkey}/gpg_key_test.go (100%)
 rename models/{keys => asymkey}/gpg_key_verify.go (100%)
 create mode 100644 models/asymkey/main_test.go
 rename models/{keys => asymkey}/ssh_key.go (100%)
 rename models/{keys => asymkey}/ssh_key_authorized_keys.go (100%)
 rename models/{keys => asymkey}/ssh_key_authorized_principals.go (100%)
 rename models/{keys => asymkey}/ssh_key_deploy.go (100%)
 rename models/{keys => asymkey}/ssh_key_fingerprint.go (100%)
 rename models/{keys => asymkey}/ssh_key_parse.go (100%)
 rename models/{keys => asymkey}/ssh_key_principals.go (100%)
 rename models/{keys => asymkey}/ssh_key_test.go (100%)
 delete mode 100644 models/pull_sign.go
 rename services/{keys => asymkey}/deploy_key.go (92%)
 rename services/{keys => asymkey}/main_test.go (95%)
 rename models/repo_sign.go => services/asymkey/sign.go (58%)
 rename services/{keys => asymkey}/ssh_key.go (68%)
 rename services/{keys => asymkey}/ssh_key_test.go (97%)

diff --git a/cmd/admin.go b/cmd/admin.go
index e382c68e68e0f..f36e9f5de7eee 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -14,8 +14,8 @@ import (
 	"text/tabwriter"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
@@ -626,7 +626,7 @@ func runRegenerateKeys(_ *cli.Context) error {
 	if err := initDB(ctx); err != nil {
 		return err
 	}
-	return keys_model.RewriteAllPublicKeys()
+	return asymkey_model.RewriteAllPublicKeys()
 }
 
 func parseOAuth2Config(c *cli.Context) *oauth2.Source {
diff --git a/cmd/serv.go b/cmd/serv.go
index 9c7c5e4302473..c3c9eff195dd7 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -17,7 +17,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
@@ -130,9 +130,9 @@ func runServ(c *cli.Context) error {
 			return fail("Internal error", "Failed to check provided key: %v", err)
 		}
 		switch key.Type {
-		case keys_model.KeyTypeDeploy:
+		case asymkey_model.KeyTypeDeploy:
 			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
-		case keys_model.KeyTypePrincipal:
+		case asymkey_model.KeyTypePrincipal:
 			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Gitea does not provide shell access.")
 		default:
 			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index 61e53e17d9267..786dbc8066a36 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -277,7 +277,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** or **username, email**: \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set.
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
-- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `keys_model.PublicKey` and the others are strings which are shellquoted.
+- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `asymkey_model.PublicKey` and the others are strings which are shellquoted.
 - `SSH_SERVER_CIPHERS`: **aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_KEY_EXCHANGES`: **diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
diff --git a/integrations/api_admin_test.go b/integrations/api_admin_test.go
index 98971319caff7..b935d3eac5948 100644
--- a/integrations/api_admin_test.go
+++ b/integrations/api_admin_test.go
@@ -9,7 +9,7 @@ import (
 	"net/http"
 	"testing"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/json"
@@ -34,7 +34,7 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
 
 	var newPublicKey api.PublicKey
 	DecodeJSON(t, resp, &newPublicKey)
-	unittest.AssertExistsAndLoadBean(t, &keys_model.PublicKey{
+	unittest.AssertExistsAndLoadBean(t, &asymkey_model.PublicKey{
 		ID:          newPublicKey.ID,
 		Name:        newPublicKey.Title,
 		Content:     newPublicKey.Key,
@@ -45,7 +45,7 @@ func TestAPIAdminCreateAndDeleteSSHKey(t *testing.T) {
 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d?token=%s",
 		keyOwner.Name, newPublicKey.ID, token)
 	session.MakeRequest(t, req, http.StatusNoContent)
-	unittest.AssertNotExistsBean(t, &keys_model.PublicKey{ID: newPublicKey.ID})
+	unittest.AssertNotExistsBean(t, &asymkey_model.PublicKey{ID: newPublicKey.ID})
 }
 
 func TestAPIAdminDeleteMissingSSHKey(t *testing.T) {
diff --git a/integrations/api_keys_test.go b/integrations/api_keys_test.go
index 854436ec74ebb..b1f455d9323c1 100644
--- a/integrations/api_keys_test.go
+++ b/integrations/api_keys_test.go
@@ -10,7 +10,7 @@ import (
 	"net/url"
 	"testing"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
@@ -65,7 +65,7 @@ func TestCreateReadOnlyDeployKey(t *testing.T) {
 
 	var newDeployKey api.DeployKey
 	DecodeJSON(t, resp, &newDeployKey)
-	unittest.AssertExistsAndLoadBean(t, &keys_model.DeployKey{
+	unittest.AssertExistsAndLoadBean(t, &asymkey_model.DeployKey{
 		ID:      newDeployKey.ID,
 		Name:    rawKeyBody.Title,
 		Content: rawKeyBody.Key,
@@ -90,7 +90,7 @@ func TestCreateReadWriteDeployKey(t *testing.T) {
 
 	var newDeployKey api.DeployKey
 	DecodeJSON(t, resp, &newDeployKey)
-	unittest.AssertExistsAndLoadBean(t, &keys_model.DeployKey{
+	unittest.AssertExistsAndLoadBean(t, &asymkey_model.DeployKey{
 		ID:      newDeployKey.ID,
 		Name:    rawKeyBody.Title,
 		Content: rawKeyBody.Key,
@@ -116,7 +116,7 @@ func TestCreateUserKey(t *testing.T) {
 
 	var newPublicKey api.PublicKey
 	DecodeJSON(t, resp, &newPublicKey)
-	unittest.AssertExistsAndLoadBean(t, &keys_model.PublicKey{
+	unittest.AssertExistsAndLoadBean(t, &asymkey_model.PublicKey{
 		ID:      newPublicKey.ID,
 		OwnerID: user.ID,
 		Name:    rawKeyBody.Title,
diff --git a/integrations/api_private_serv_test.go b/integrations/api_private_serv_test.go
index 5294f801f7505..68308bafc5a6a 100644
--- a/integrations/api_private_serv_test.go
+++ b/integrations/api_private_serv_test.go
@@ -9,7 +9,7 @@ import (
 	"net/url"
 	"testing"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/private"
 
@@ -27,7 +27,7 @@ func TestAPIPrivateNoServ(t *testing.T) {
 		assert.Equal(t, int64(1), key.ID)
 		assert.Equal(t, "user2@localhost", key.Name)
 
-		deployKey, err := keys_model.AddDeployKey(1, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
+		deployKey, err := asymkey_model.AddDeployKey(1, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
 		assert.NoError(t, err)
 
 		key, user, err = private.ServNoCommand(ctx, deployKey.KeyID)
@@ -85,7 +85,7 @@ func TestAPIPrivateServ(t *testing.T) {
 		assert.Empty(t, results)
 
 		// Add reading deploy key
-		deployKey, err := keys_model.AddDeployKey(19, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", true)
+		deployKey, err := asymkey_model.AddDeployKey(19, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", true)
 		assert.NoError(t, err)
 
 		// Can pull from repo we're a deploy key for
@@ -117,7 +117,7 @@ func TestAPIPrivateServ(t *testing.T) {
 		assert.Empty(t, results)
 
 		// Add writing deploy key
-		deployKey, err = keys_model.AddDeployKey(20, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
+		deployKey, err = asymkey_model.AddDeployKey(20, "test-deploy", "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", false)
 		assert.NoError(t, err)
 
 		// Cannot push to a private repo with reading key
diff --git a/models/keys/error.go b/models/asymkey/error.go
similarity index 100%
rename from models/keys/error.go
rename to models/asymkey/error.go
diff --git a/models/keys/gpg_key.go b/models/asymkey/gpg_key.go
similarity index 100%
rename from models/keys/gpg_key.go
rename to models/asymkey/gpg_key.go
diff --git a/models/keys/gpg_key_add.go b/models/asymkey/gpg_key_add.go
similarity index 100%
rename from models/keys/gpg_key_add.go
rename to models/asymkey/gpg_key_add.go
diff --git a/models/keys/gpg_key_commit_verification.go b/models/asymkey/gpg_key_commit_verification.go
similarity index 100%
rename from models/keys/gpg_key_commit_verification.go
rename to models/asymkey/gpg_key_commit_verification.go
diff --git a/models/keys/gpg_key_common.go b/models/asymkey/gpg_key_common.go
similarity index 100%
rename from models/keys/gpg_key_common.go
rename to models/asymkey/gpg_key_common.go
diff --git a/models/keys/gpg_key_import.go b/models/asymkey/gpg_key_import.go
similarity index 100%
rename from models/keys/gpg_key_import.go
rename to models/asymkey/gpg_key_import.go
diff --git a/models/keys/gpg_key_test.go b/models/asymkey/gpg_key_test.go
similarity index 100%
rename from models/keys/gpg_key_test.go
rename to models/asymkey/gpg_key_test.go
diff --git a/models/keys/gpg_key_verify.go b/models/asymkey/gpg_key_verify.go
similarity index 100%
rename from models/keys/gpg_key_verify.go
rename to models/asymkey/gpg_key_verify.go
diff --git a/models/asymkey/main_test.go b/models/asymkey/main_test.go
new file mode 100644
index 0000000000000..f19895616c900
--- /dev/null
+++ b/models/asymkey/main_test.go
@@ -0,0 +1,20 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package asymkey
+
+import (
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m, filepath.Join("..", ".."),
+		"gpg_key.yml",
+		"public_key.yml",
+		"deploy_key.yml",
+	)
+}
diff --git a/models/keys/ssh_key.go b/models/asymkey/ssh_key.go
similarity index 100%
rename from models/keys/ssh_key.go
rename to models/asymkey/ssh_key.go
diff --git a/models/keys/ssh_key_authorized_keys.go b/models/asymkey/ssh_key_authorized_keys.go
similarity index 100%
rename from models/keys/ssh_key_authorized_keys.go
rename to models/asymkey/ssh_key_authorized_keys.go
diff --git a/models/keys/ssh_key_authorized_principals.go b/models/asymkey/ssh_key_authorized_principals.go
similarity index 100%
rename from models/keys/ssh_key_authorized_principals.go
rename to models/asymkey/ssh_key_authorized_principals.go
diff --git a/models/keys/ssh_key_deploy.go b/models/asymkey/ssh_key_deploy.go
similarity index 100%
rename from models/keys/ssh_key_deploy.go
rename to models/asymkey/ssh_key_deploy.go
diff --git a/models/keys/ssh_key_fingerprint.go b/models/asymkey/ssh_key_fingerprint.go
similarity index 100%
rename from models/keys/ssh_key_fingerprint.go
rename to models/asymkey/ssh_key_fingerprint.go
diff --git a/models/keys/ssh_key_parse.go b/models/asymkey/ssh_key_parse.go
similarity index 100%
rename from models/keys/ssh_key_parse.go
rename to models/asymkey/ssh_key_parse.go
diff --git a/models/keys/ssh_key_principals.go b/models/asymkey/ssh_key_principals.go
similarity index 100%
rename from models/keys/ssh_key_principals.go
rename to models/asymkey/ssh_key_principals.go
diff --git a/models/keys/ssh_key_test.go b/models/asymkey/ssh_key_test.go
similarity index 100%
rename from models/keys/ssh_key_test.go
rename to models/asymkey/ssh_key_test.go
diff --git a/models/commit_status.go b/models/commit_status.go
index 317cf853e0bf0..697f53be5954c 100644
--- a/models/commit_status.go
+++ b/models/commit_status.go
@@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"
 
+	keys "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
diff --git a/models/error.go b/models/error.go
index 95646049e2cc8..54556fd787528 100644
--- a/models/error.go
+++ b/models/error.go
@@ -617,22 +617,6 @@ func (err ErrUserDoesNotHaveAccessToRepo) Error() string {
 	return fmt.Sprintf("user doesn't have access to repo [user_id: %d, repo_name: %s]", err.UserID, err.RepoName)
 }
 
-// ErrWontSign explains the first reason why a commit would not be signed
-// There may be other reasons - this is just the first reason found
-type ErrWontSign struct {
-	Reason signingMode
-}
-
-func (e *ErrWontSign) Error() string {
-	return fmt.Sprintf("wont sign: %s", e.Reason)
-}
-
-// IsErrWontSign checks if an error is a ErrWontSign
-func IsErrWontSign(err error) bool {
-	_, ok := err.(*ErrWontSign)
-	return ok
-}
-
 // __________                             .__
 // \______   \____________    ____   ____ |  |__
 //  |    |  _/\_  __ \__  \  /    \_/ ___\|  |  \
diff --git a/models/pull_sign.go b/models/pull_sign.go
deleted file mode 100644
index 194ce21e3534e..0000000000000
--- a/models/pull_sign.go
+++ /dev/null
@@ -1,134 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package models
-
-import (
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/keys"
-	"code.gitea.io/gitea/models/login"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-)
-
-// SignMerge determines if we should sign a PR merge commit to the base repository
-func (pr *PullRequest) SignMerge(u *user_model.User, tmpBasePath, baseCommit, headCommit string) (bool, string, *git.Signature, error) {
-	if err := pr.LoadBaseRepo(); err != nil {
-		log.Error("Unable to get Base Repo for pull request")
-		return false, "", nil, err
-	}
-	repo := pr.BaseRepo
-
-	signingKey, signer := SigningKey(repo.RepoPath())
-	if signingKey == "" {
-		return false, "", nil, &ErrWontSign{noKey}
-	}
-	rules := signingModeFromStrings(setting.Repository.Signing.Merges)
-
-	var gitRepo *git.Repository
-	var err error
-
-Loop:
-	for _, rule := range rules {
-		switch rule {
-		case never:
-			return false, "", nil, &ErrWontSign{never}
-		case always:
-			break Loop
-		case pubkey:
-			keys, err := keys.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
-			if err != nil {
-				return false, "", nil, err
-			}
-			if len(keys) == 0 {
-				return false, "", nil, &ErrWontSign{pubkey}
-			}
-		case twofa:
-			twofaModel, err := login.GetTwoFactorByUID(u.ID)
-			if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
-				return false, "", nil, err
-			}
-			if twofaModel == nil {
-				return false, "", nil, &ErrWontSign{twofa}
-			}
-		case approved:
-			protectedBranch, err := GetProtectedBranchBy(repo.ID, pr.BaseBranch)
-			if err != nil {
-				return false, "", nil, err
-			}
-			if protectedBranch == nil {
-				return false, "", nil, &ErrWontSign{approved}
-			}
-			if protectedBranch.GetGrantedApprovalsCount(pr) < 1 {
-				return false, "", nil, &ErrWontSign{approved}
-			}
-		case baseSigned:
-			if gitRepo == nil {
-				gitRepo, err = git.OpenRepository(tmpBasePath)
-				if err != nil {
-					return false, "", nil, err
-				}
-				defer gitRepo.Close()
-			}
-			commit, err := gitRepo.GetCommit(baseCommit)
-			if err != nil {
-				return false, "", nil, err
-			}
-			verification := keys.ParseCommitWithSignature(commit)
-			if !verification.Verified {
-				return false, "", nil, &ErrWontSign{baseSigned}
-			}
-		case headSigned:
-			if gitRepo == nil {
-				gitRepo, err = git.OpenRepository(tmpBasePath)
-				if err != nil {
-					return false, "", nil, err
-				}
-				defer gitRepo.Close()
-			}
-			commit, err := gitRepo.GetCommit(headCommit)
-			if err != nil {
-				return false, "", nil, err
-			}
-			verification := keys.ParseCommitWithSignature(commit)
-			if !verification.Verified {
-				return false, "", nil, &ErrWontSign{headSigned}
-			}
-		case commitsSigned:
-			if gitRepo == nil {
-				gitRepo, err = git.OpenRepository(tmpBasePath)
-				if err != nil {
-					return false, "", nil, err
-				}
-				defer gitRepo.Close()
-			}
-			commit, err := gitRepo.GetCommit(headCommit)
-			if err != nil {
-				return false, "", nil, err
-			}
-			verification := keys.ParseCommitWithSignature(commit)
-			if !verification.Verified {
-				return false, "", nil, &ErrWontSign{commitsSigned}
-			}
-			// need to work out merge-base
-			mergeBaseCommit, _, err := gitRepo.GetMergeBase("", baseCommit, headCommit)
-			if err != nil {
-				return false, "", nil, err
-			}
-			commitList, err := commit.CommitsBeforeUntil(mergeBaseCommit)
-			if err != nil {
-				return false, "", nil, err
-			}
-			for _, commit := range commitList {
-				verification := keys.ParseCommitWithSignature(commit)
-				if !verification.Verified {
-					return false, "", nil, &ErrWontSign{commitsSigned}
-				}
-			}
-		}
-	}
-	return true, signingKey, signer, nil
-}
diff --git a/models/repo.go b/models/repo.go
index 35b68afe278ea..351e908c96f9d 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -20,8 +20,8 @@ import (
 	_ "image/jpeg" // Needed for jpeg support
 
 	admin_model "code.gitea.io/gitea/models/admin"
+	keys "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
@@ -1587,3 +1587,52 @@ func LinkedRepository(a *repo_model.Attachment) (*repo_model.Repository, unit.Ty
 	}
 	return nil, -1, nil
 }
+
+// DeleteDeployKey delete deploy keys
+func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error {
+	key, err := keys.GetDeployKeyByID(ctx, id)
+	if err != nil {
+		if keys.IsErrDeployKeyNotExist(err) {
+			return nil
+		}
+		return fmt.Errorf("GetDeployKeyByID: %v", err)
+	}
+
+	sess := db.GetEngine(ctx)
+
+	// Check if user has access to delete this key.
+	if !doer.IsAdmin {
+		repo, err := getRepositoryByID(sess, key.RepoID)
+		if err != nil {
+			return fmt.Errorf("GetRepositoryByID: %v", err)
+		}
+		has, err := isUserRepoAdmin(sess, repo, doer)
+		if err != nil {
+			return fmt.Errorf("GetUserRepoPermission: %v", err)
+		} else if !has {
+			return keys.ErrKeyAccessDenied{
+				UserID: doer.ID,
+				KeyID:  key.ID,
+				Note:   "deploy",
+			}
+		}
+	}
+
+	if _, err = sess.ID(key.ID).Delete(new(keys.DeployKey)); err != nil {
+		return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)
+	}
+
+	// Check if this is the last reference to same key content.
+	has, err := sess.
+		Where("key_id = ?", key.KeyID).
+		Get(new(keys.DeployKey))
+	if err != nil {
+		return err
+	} else if !has {
+		if err = keys.DeletePublicKeys(ctx, key.KeyID); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
diff --git a/models/statistic.go b/models/statistic.go
index e8fa522e3ab40..f15168597224f 100644
--- a/models/statistic.go
+++ b/models/statistic.go
@@ -5,8 +5,8 @@
 package models
 
 import (
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
@@ -48,11 +48,15 @@ func GetStatistic() (stats Statistic) {
 	e := db.GetEngine(db.DefaultContext)
 	stats.Counter.User = user_model.CountUsers()
 	stats.Counter.Org = CountOrganizations()
+<<<<<<< HEAD
 <<<<<<< HEAD
 	stats.Counter.PublicKey, _ = e.Count(new(PublicKey))
 	stats.Counter.Repo = repo_model.CountRepositories(true)
 =======
 	stats.Counter.PublicKey, _ = e.Count(new(keys.PublicKey))
+=======
+	stats.Counter.PublicKey, _ = e.Count(new(asymkey_model.PublicKey))
+>>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
 	stats.Counter.Repo = CountRepositories(true)
 >>>>>>> 3db02666b (Move keys to models/keys)
 	stats.Counter.Watch, _ = e.Count(new(Watch))
diff --git a/models/user.go b/models/user.go
index 0c6d5ff7d6d21..2a727dd1243a4 100644
--- a/models/user.go
+++ b/models/user.go
@@ -12,8 +12,8 @@ import (
 
 	_ "image/jpeg" // Needed for jpeg support
 
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -235,23 +235,23 @@ func DeleteUser(ctx context.Context, u *user_model.User) (err error) {
 	}
 
 	// ***** START: PublicKey *****
-	if _, err = e.Delete(&keys_model.PublicKey{OwnerID: u.ID}); err != nil {
+	if _, err = e.Delete(&asymkey_model.PublicKey{OwnerID: u.ID}); err != nil {
 		return fmt.Errorf("deletePublicKeys: %v", err)
 	}
 	// ***** END: PublicKey *****
 
 	// ***** START: GPGPublicKey *****
-	keys, err := keys_model.ListGPGKeys(ctx, u.ID, db.ListOptions{})
+	keys, err := asymkey_model.ListGPGKeys(ctx, u.ID, db.ListOptions{})
 	if err != nil {
 		return fmt.Errorf("ListGPGKeys: %v", err)
 	}
 	// Delete GPGKeyImport(s).
 	for _, key := range keys {
-		if _, err = e.Delete(&keys_model.GPGKeyImport{KeyID: key.KeyID}); err != nil {
+		if _, err = e.Delete(&asymkey_model.GPGKeyImport{KeyID: key.KeyID}); err != nil {
 			return fmt.Errorf("deleteGPGKeyImports: %v", err)
 		}
 	}
-	if _, err = e.Delete(&keys_model.GPGKey{OwnerID: u.ID}); err != nil {
+	if _, err = e.Delete(&asymkey_model.GPGKey{OwnerID: u.ID}); err != nil {
 		return fmt.Errorf("deleteGPGKeys: %v", err)
 	}
 	// ***** END: GPGPublicKey *****
diff --git a/modules/context/repo.go b/modules/context/repo.go
index 694c483bd4afb..1725cb724d7f9 100644
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -25,6 +25,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 
 	"github.com/editorconfig/editorconfig-core-go/v2"
 	"github.com/unknwon/com"
@@ -120,7 +121,7 @@ func (r *Repository) CanCommitToBranch(doer *user_model.User) (CanCommitToBranch
 		requireSigned = protectedBranch.RequireSignedCommits
 	}
 
-	sign, keyID, _, err := models.SignCRUDAction(r.Repository, doer, r.Repository.RepoPath(), git.BranchPrefix+r.BranchName)
+	sign, keyID, _, err := asymkey_service.SignCRUDAction(r.Repository.RepoPath(), doer, r.Repository.RepoPath(), git.BranchPrefix+r.BranchName)
 
 	canCommit := r.CanEnableEditor() && userCanPush
 	if requireSigned {
@@ -128,8 +129,8 @@ func (r *Repository) CanCommitToBranch(doer *user_model.User) (CanCommitToBranch
 	}
 	wontSignReason := ""
 	if err != nil {
-		if models.IsErrWontSign(err) {
-			wontSignReason = string(err.(*models.ErrWontSign).Reason)
+		if asymkey_service.IsErrWontSign(err) {
+			wontSignReason = string(err.(*asymkey_service.ErrWontSign).Reason)
 			err = nil
 		} else {
 			wontSignReason = "error"
diff --git a/modules/convert/convert.go b/modules/convert/convert.go
index 9ffc10ca120cc..1c78c35cda723 100644
--- a/modules/convert/convert.go
+++ b/modules/convert/convert.go
@@ -12,7 +12,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/login"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -153,7 +153,7 @@ func ToTag(repo *repo_model.Repository, t *git.Tag) *api.Tag {
 
 // ToVerification convert a git.Commit.Signature to an api.PayloadCommitVerification
 func ToVerification(c *git.Commit) *api.PayloadCommitVerification {
-	verif := keys_model.ParseCommitWithSignature(c)
+	verif := asymkey_model.ParseCommitWithSignature(c)
 	commitVerification := &api.PayloadCommitVerification{
 		Verified: verif.Verified,
 		Reason:   verif.Reason,
@@ -171,8 +171,8 @@ func ToVerification(c *git.Commit) *api.PayloadCommitVerification {
 	return commitVerification
 }
 
-// ToPublicKey convert keys_model.PublicKey to api.PublicKey
-func ToPublicKey(apiLink string, key *keys_model.PublicKey) *api.PublicKey {
+// ToPublicKey convert asymkey_model.PublicKey to api.PublicKey
+func ToPublicKey(apiLink string, key *asymkey_model.PublicKey) *api.PublicKey {
 	return &api.PublicKey{
 		ID:          key.ID,
 		Key:         key.Content,
@@ -184,7 +184,7 @@ func ToPublicKey(apiLink string, key *keys_model.PublicKey) *api.PublicKey {
 }
 
 // ToGPGKey converts models.GPGKey to api.GPGKey
-func ToGPGKey(key *keys_model.GPGKey) *api.GPGKey {
+func ToGPGKey(key *asymkey_model.GPGKey) *api.GPGKey {
 	subkeys := make([]*api.GPGKey, len(key.SubsKey))
 	for id, k := range key.SubsKey {
 		subkeys[id] = &api.GPGKey{
@@ -265,8 +265,8 @@ func ToGitHook(h *git.Hook) *api.GitHook {
 	}
 }
 
-// ToDeployKey convert keys_model.DeployKey to api.DeployKey
-func ToDeployKey(apiLink string, key *keys_model.DeployKey) *api.DeployKey {
+// ToDeployKey convert asymkey_model.DeployKey to api.DeployKey
+func ToDeployKey(apiLink string, key *asymkey_model.DeployKey) *api.DeployKey {
 	return &api.DeployKey{
 		ID:          key.ID,
 		KeyID:       key.KeyID,
diff --git a/modules/doctor/authorizedkeys.go b/modules/doctor/authorizedkeys.go
index 57a32a417ae53..1a9b60e24828d 100644
--- a/modules/doctor/authorizedkeys.go
+++ b/modules/doctor/authorizedkeys.go
@@ -12,7 +12,7 @@ import (
 	"path/filepath"
 	"strings"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 )
@@ -32,7 +32,7 @@ func checkAuthorizedKeys(logger log.Logger, autofix bool) error {
 			return fmt.Errorf("Unable to open authorized_keys file. ERROR: %v", err)
 		}
 		logger.Warn("Unable to open authorized_keys. (ERROR: %v). Attempting to rewrite...", err)
-		if err = keys_model.RewriteAllPublicKeys(); err != nil {
+		if err = asymkey_model.RewriteAllPublicKeys(); err != nil {
 			logger.Critical("Unable to rewrite authorized_keys file. ERROR: %v", err)
 			return fmt.Errorf("Unable to rewrite authorized_keys file. ERROR: %v", err)
 		}
@@ -53,7 +53,7 @@ func checkAuthorizedKeys(logger log.Logger, autofix bool) error {
 
 	// now we regenerate and check if there are any lines missing
 	regenerated := &bytes.Buffer{}
-	if err := keys_model.RegeneratePublicKeys(regenerated); err != nil {
+	if err := asymkey_model.RegeneratePublicKeys(regenerated); err != nil {
 		logger.Critical("Unable to regenerate authorized_keys file. ERROR: %v", err)
 		return fmt.Errorf("Unable to regenerate authorized_keys file. ERROR: %v", err)
 	}
@@ -75,7 +75,7 @@ func checkAuthorizedKeys(logger log.Logger, autofix bool) error {
 			return fmt.Errorf(`authorized_keys is out of date and should be regenerated with "gitea admin regenerate keys" or "gitea doctor --run authorized_keys --fix"`)
 		}
 		logger.Warn("authorized_keys is out of date. Attempting rewrite...")
-		err = keys_model.RewriteAllPublicKeys()
+		err = asymkey_model.RewriteAllPublicKeys()
 		if err != nil {
 			logger.Critical("Unable to rewrite authorized_keys file. ERROR: %v", err)
 			return fmt.Errorf("Unable to rewrite authorized_keys file. ERROR: %v", err)
diff --git a/modules/gitgraph/graph_models.go b/modules/gitgraph/graph_models.go
index dfd6007ee8fea..4cfa96816a1ed 100644
--- a/modules/gitgraph/graph_models.go
+++ b/modules/gitgraph/graph_models.go
@@ -10,8 +10,8 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
@@ -114,9 +114,9 @@ func (graph *Graph) LoadAndProcessCommits(repository *repo_model.Repository, git
 			}
 		}
 
-		c.Verification = keys_model.ParseCommitWithSignature(c.Commit)
+		c.Verification = asymkey_model.ParseCommitWithSignature(c.Commit)
 
-		_ = keys_model.CalculateTrustStatus(c.Verification, repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
+		_ = asymkey_model.CalculateTrustStatus(c.Verification, repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
 			return models.IsUserRepoAdmin(repository, user)
 		}, &keyMap)
 
@@ -239,7 +239,7 @@ func newRefsFromRefNames(refNames []byte) []git.Reference {
 type Commit struct {
 	Commit       *git.Commit
 	User         *user_model.User
-	Verification *keys_model.CommitVerification
+	Verification *asymkey_model.CommitVerification
 	Status       *models.CommitStatus
 	Flow         int64
 	Row          int
diff --git a/modules/private/serv.go b/modules/private/serv.go
index 1375ee75a3daf..a7a56df7b30b8 100644
--- a/modules/private/serv.go
+++ b/modules/private/serv.go
@@ -10,7 +10,7 @@ import (
 	"net/http"
 	"net/url"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/perm"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/json"
@@ -19,12 +19,12 @@ import (
 
 // KeyAndOwner is the response from ServNoCommand
 type KeyAndOwner struct {
-	Key   *keys_model.PublicKey `json:"key"`
-	Owner *user_model.User      `json:"user"`
+	Key   *asymkey_model.PublicKey `json:"key"`
+	Owner *user_model.User         `json:"user"`
 }
 
 // ServNoCommand returns information about the provided key
-func ServNoCommand(ctx context.Context, keyID int64) (*keys_model.PublicKey, *user_model.User, error) {
+func ServNoCommand(ctx context.Context, keyID int64) (*asymkey_model.PublicKey, *user_model.User, error) {
 	reqURL := setting.LocalURL + fmt.Sprintf("api/internal/serv/none/%d",
 		keyID)
 	resp, err := newInternalRequest(ctx, reqURL, "GET").Response()
diff --git a/modules/repository/init.go b/modules/repository/init.go
index cfee1a321551e..08c5aac1b8aad 100644
--- a/modules/repository/init.go
+++ b/modules/repository/init.go
@@ -20,6 +20,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 
 	"github.com/unknwon/com"
 )
@@ -134,7 +135,7 @@ func initRepoCommit(tmpPath string, repo *repo_model.Repository, u *user_model.U
 	}
 
 	if git.CheckGitVersionAtLeast("1.7.9") == nil {
-		sign, keyID, signer, _ := models.SignInitialCommit(tmpPath, u)
+		sign, keyID, signer, _ := asymkey_service.SignInitialCommit(tmpPath, u)
 		if sign {
 			args = append(args, "-S"+keyID)
 
diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
index ef6f3dfe5a301..a3756fd2af212 100644
--- a/modules/ssh/ssh.go
+++ b/modules/ssh/ssh.go
@@ -22,7 +22,7 @@ import (
 	"sync"
 	"syscall"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -172,9 +172,9 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 		// look for the exact principal
 	principalLoop:
 		for _, principal := range cert.ValidPrincipals {
-			pkey, err := keys_model.SearchPublicKeyByContentExact(principal)
+			pkey, err := asymkey_model.SearchPublicKeyByContentExact(principal)
 			if err != nil {
-				if keys_model.IsErrKeyNotExist(err) {
+				if asymkey_model.IsErrKeyNotExist(err) {
 					log.Debug("Principal Rejected: %s Unknown Principal: %s", ctx.RemoteAddr(), principal)
 					continue principalLoop
 				}
@@ -232,9 +232,9 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 		log.Debug("Handle Public Key: %s Fingerprint: %s is not a certificate", ctx.RemoteAddr(), gossh.FingerprintSHA256(key))
 	}
 
-	pkey, err := keys_model.SearchPublicKeyByContent(strings.TrimSpace(string(gossh.MarshalAuthorizedKey(key))))
+	pkey, err := asymkey_model.SearchPublicKeyByContent(strings.TrimSpace(string(gossh.MarshalAuthorizedKey(key))))
 	if err != nil {
-		if keys_model.IsErrKeyNotExist(err) {
+		if asymkey_model.IsErrKeyNotExist(err) {
 			if log.IsWarn() {
 				log.Warn("Unknown public key: %s from %s", gossh.FingerprintSHA256(key), ctx.RemoteAddr())
 				log.Warn("Failed authentication attempt from %s", ctx.RemoteAddr())
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 0a56730bf04b5..44358b4bef1d7 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -12,8 +12,8 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
@@ -24,7 +24,7 @@ import (
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/user"
 	"code.gitea.io/gitea/routers/api/v1/utils"
-	keys_service "code.gitea.io/gitea/services/keys"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/mailer"
 	user_service "code.gitea.io/gitea/services/user"
 )
@@ -383,10 +383,10 @@ func DeleteUserPublicKey(ctx *context.APIContext) {
 		return
 	}
 
-	if err := keys_service.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil {
-		if keys_model.IsErrKeyNotExist(err) {
+	if err := asymkey_service.DeletePublicKey(u, ctx.ParamsInt64(":id")); err != nil {
+		if asymkey_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
-		} else if keys_model.IsErrKeyAccessDenied(err) {
+		} else if asymkey_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteUserPublicKey", err)
diff --git a/routers/api/v1/misc/signing.go b/routers/api/v1/misc/signing.go
index 3c3391bfe736a..e2833173a3f21 100644
--- a/routers/api/v1/misc/signing.go
+++ b/routers/api/v1/misc/signing.go
@@ -8,8 +8,8 @@ import (
 	"fmt"
 	"net/http"
 
-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )
 
 // SigningKey returns the public key of the default signing key if it exists
@@ -52,7 +52,7 @@ func SigningKey(ctx *context.APIContext) {
 		path = ctx.Repo.Repository.RepoPath()
 	}
 
-	content, err := models.PublicSigningKey(path)
+	content, err := asymkey_service.PublicSigningKey(path)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "gpg export", err)
 		return
diff --git a/routers/api/v1/repo/key.go b/routers/api/v1/repo/key.go
index a9ca10bc3dbe3..803a59c5f8636 100644
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@@ -11,8 +11,8 @@ import (
 	"net/url"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/context"
@@ -21,15 +21,19 @@ import (
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/utils"
-	keys_service "code.gitea.io/gitea/services/keys"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )
 
 // appendPrivateInformation appends the owner and key type information to api.PublicKey
 <<<<<<< HEAD
+<<<<<<< HEAD
 func appendPrivateInformation(apiKey *api.DeployKey, key *models.DeployKey, repository *repo_model.Repository) (*api.DeployKey, error) {
 =======
 func appendPrivateInformation(apiKey *api.DeployKey, key *keys_model.DeployKey, repository *models.Repository) (*api.DeployKey, error) {
 >>>>>>> 3db02666b (Move keys to models/keys)
+=======
+func appendPrivateInformation(apiKey *api.DeployKey, key *asymkey_model.DeployKey, repository *models.Repository) (*api.DeployKey, error) {
+>>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
 	apiKey.ReadOnly = key.Mode == perm.AccessModeRead
 	if repository.ID == key.RepoID {
 		apiKey.Repository = convert.ToRepo(repository, key.Mode)
@@ -85,20 +89,20 @@ func ListDeployKeys(ctx *context.APIContext) {
 	//   "200":
 	//     "$ref": "#/responses/DeployKeyList"
 
-	opts := &keys_model.ListDeployKeysOptions{
+	opts := &asymkey_model.ListDeployKeysOptions{
 		ListOptions: utils.GetListOptions(ctx),
 		RepoID:      ctx.Repo.Repository.ID,
 		KeyID:       ctx.FormInt64("key_id"),
 		Fingerprint: ctx.FormString("fingerprint"),
 	}
 
-	keys, err := keys_model.ListDeployKeys(db.DefaultContext, opts)
+	keys, err := asymkey_model.ListDeployKeys(db.DefaultContext, opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
 	}
 
-	count, err := keys_model.CountDeployKeys(opts)
+	count, err := asymkey_model.CountDeployKeys(opts)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
@@ -149,9 +153,9 @@ func GetDeployKey(ctx *context.APIContext) {
 	//   "200":
 	//     "$ref": "#/responses/DeployKey"
 
-	key, err := keys_model.GetDeployKeyByID(db.DefaultContext, ctx.ParamsInt64(":id"))
+	key, err := asymkey_model.GetDeployKeyByID(db.DefaultContext, ctx.ParamsInt64(":id"))
 	if err != nil {
-		if keys_model.IsErrDeployKeyNotExist(err) {
+		if asymkey_model.IsErrDeployKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetDeployKeyByID", err)
@@ -176,7 +180,7 @@ func GetDeployKey(ctx *context.APIContext) {
 func HandleCheckKeyStringError(ctx *context.APIContext, err error) {
 	if db.IsErrSSHDisabled(err) {
 		ctx.Error(http.StatusUnprocessableEntity, "", "SSH is disabled")
-	} else if keys_model.IsErrKeyUnableVerify(err) {
+	} else if asymkey_model.IsErrKeyUnableVerify(err) {
 		ctx.Error(http.StatusUnprocessableEntity, "", "Unable to verify key content")
 	} else {
 		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("Invalid key content: %v", err))
@@ -186,13 +190,13 @@ func HandleCheckKeyStringError(ctx *context.APIContext, err error) {
 // HandleAddKeyError handle add key error
 func HandleAddKeyError(ctx *context.APIContext, err error) {
 	switch {
-	case keys_model.IsErrDeployKeyAlreadyExist(err):
+	case asymkey_model.IsErrDeployKeyAlreadyExist(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "This key has already been added to this repository")
-	case keys_model.IsErrKeyAlreadyExist(err):
+	case asymkey_model.IsErrKeyAlreadyExist(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "Key content has been used as non-deploy key")
-	case keys_model.IsErrKeyNameAlreadyUsed(err):
+	case asymkey_model.IsErrKeyNameAlreadyUsed(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "Key title has been used")
-	case keys_model.IsErrDeployKeyNameAlreadyUsed(err):
+	case asymkey_model.IsErrDeployKeyNameAlreadyUsed(err):
 		ctx.Error(http.StatusUnprocessableEntity, "", "A key with the same name already exists")
 	default:
 		ctx.Error(http.StatusInternalServerError, "AddKey", err)
@@ -230,13 +234,13 @@ func CreateDeployKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/validationError"
 
 	form := web.GetForm(ctx).(*api.CreateKeyOption)
-	content, err := keys_model.CheckPublicKeyString(form.Key)
+	content, err := asymkey_model.CheckPublicKeyString(form.Key)
 	if err != nil {
 		HandleCheckKeyStringError(ctx, err)
 		return
 	}
 
-	key, err := keys_model.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, form.ReadOnly)
+	key, err := asymkey_model.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, form.ReadOnly)
 	if err != nil {
 		HandleAddKeyError(ctx, err)
 		return
@@ -275,8 +279,8 @@ func DeleteDeploykey(ctx *context.APIContext) {
 	//   "403":
 	//     "$ref": "#/responses/forbidden"
 
-	if err := keys_service.DeleteDeployKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
-		if keys_model.IsErrKeyAccessDenied(err) {
+	if err := asymkey_service.DeleteDeployKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
+		if asymkey_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteDeployKey", err)
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 3e37da24ec5a7..e593819dac177 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -26,6 +26,7 @@ import (
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/utils"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/forms"
 	issue_service "code.gitea.io/gitea/services/issue"
 	pull_service "code.gitea.io/gitea/services/pull"
@@ -810,7 +811,7 @@ func MergePullRequest(ctx *context.APIContext) {
 	}
 
 	if _, err := pull_service.IsSignedIfRequired(pr, ctx.User); err != nil {
-		if !models.IsErrWontSign(err) {
+		if !asymkey_service.IsErrWontSign(err) {
 			ctx.Error(http.StatusInternalServerError, "IsSignedIfRequired", err)
 			return
 		}
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 3e2ccad9f4b42..26e9a4f39306a 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -12,8 +12,8 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
@@ -258,11 +258,15 @@ func CreateUserRepo(ctx *context.APIContext, owner *user_model.User, opt api.Cre
 		IsPrivate:     opt.Private,
 		AutoInit:      opt.AutoInit,
 		DefaultBranch: opt.DefaultBranch,
+<<<<<<< HEAD
 <<<<<<< HEAD
 		TrustModel:    repo_model.ToTrustModel(opt.TrustModel),
 =======
 		TrustModel:    keys_model.ToTrustModel(opt.TrustModel),
 >>>>>>> 3db02666b (Move keys to models/keys)
+=======
+		TrustModel:    asymkey_model.ToTrustModel(opt.TrustModel),
+>>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
 		IsTemplate:    opt.Template,
 	})
 	if err != nil {
diff --git a/routers/api/v1/user/gpg_key.go b/routers/api/v1/user/gpg_key.go
index f9014b5303a89..b0f9f1feb337e 100644
--- a/routers/api/v1/user/gpg_key.go
+++ b/routers/api/v1/user/gpg_key.go
@@ -8,8 +8,8 @@ import (
 	"fmt"
 	"net/http"
 
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/convert"
 	api "code.gitea.io/gitea/modules/structs"
@@ -18,7 +18,7 @@ import (
 )
 
 func listGPGKeys(ctx *context.APIContext, uid int64, listOptions db.ListOptions) {
-	keys, err := keys_model.ListGPGKeys(db.DefaultContext, uid, listOptions)
+	keys, err := asymkey_model.ListGPGKeys(db.DefaultContext, uid, listOptions)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "ListGPGKeys", err)
 		return
@@ -29,7 +29,7 @@ func listGPGKeys(ctx *context.APIContext, uid int64, listOptions db.ListOptions)
 		apiKeys[i] = convert.ToGPGKey(keys[i])
 	}
 
-	total, err := keys_model.CountUserGPGKeys(uid)
+	total, err := asymkey_model.CountUserGPGKeys(uid)
 	if err != nil {
 		ctx.InternalServerError(err)
 		return
@@ -114,9 +114,9 @@ func GetGPGKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	key, err := keys_model.GetGPGKeyByID(ctx.ParamsInt64(":id"))
+	key, err := asymkey_model.GetGPGKeyByID(ctx.ParamsInt64(":id"))
 	if err != nil {
-		if keys_model.IsErrGPGKeyNotExist(err) {
+		if asymkey_model.IsErrGPGKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetGPGKeyByID", err)
@@ -128,12 +128,12 @@ func GetGPGKey(ctx *context.APIContext) {
 
 // CreateUserGPGKey creates new GPG key to given user by ID.
 func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) {
-	token := keys_model.VerificationToken(ctx.User, 1)
-	lastToken := keys_model.VerificationToken(ctx.User, 0)
+	token := asymkey_model.VerificationToken(ctx.User, 1)
+	lastToken := asymkey_model.VerificationToken(ctx.User, 0)
 
-	keys, err := keys_model.AddGPGKey(uid, form.ArmoredKey, token, form.Signature)
-	if err != nil && keys_model.IsErrGPGInvalidTokenSignature(err) {
-		keys, err = keys_model.AddGPGKey(uid, form.ArmoredKey, lastToken, form.Signature)
+	keys, err := asymkey_model.AddGPGKey(uid, form.ArmoredKey, token, form.Signature)
+	if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {
+		keys, err = asymkey_model.AddGPGKey(uid, form.ArmoredKey, lastToken, form.Signature)
 	}
 	if err != nil {
 		HandleAddGPGKeyError(ctx, err, token)
@@ -156,7 +156,7 @@ func GetVerificationToken(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	token := keys_model.VerificationToken(ctx.User, 1)
+	token := asymkey_model.VerificationToken(ctx.User, 1)
 	ctx.PlainText(http.StatusOK, []byte(token))
 }
 
@@ -178,25 +178,25 @@ func VerifyUserGPGKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/validationError"
 
 	form := web.GetForm(ctx).(*api.VerifyGPGKeyOption)
-	token := keys_model.VerificationToken(ctx.User, 1)
-	lastToken := keys_model.VerificationToken(ctx.User, 0)
+	token := asymkey_model.VerificationToken(ctx.User, 1)
+	lastToken := asymkey_model.VerificationToken(ctx.User, 0)
 
-	_, err := keys_model.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
-	if err != nil && keys_model.IsErrGPGInvalidTokenSignature(err) {
-		_, err = keys_model.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
+	_, err := asymkey_model.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
+	if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {
+		_, err = asymkey_model.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
 	}
 
 	if err != nil {
-		if keys_model.IsErrGPGInvalidTokenSignature(err) {
+		if asymkey_model.IsErrGPGInvalidTokenSignature(err) {
 			ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
 			return
 		}
 		ctx.Error(http.StatusInternalServerError, "VerifyUserGPGKey", err)
 	}
 
-	key, err := keys_model.GetGPGKeysByKeyID(form.KeyID)
+	key, err := asymkey_model.GetGPGKeysByKeyID(form.KeyID)
 	if err != nil {
-		if keys_model.IsErrGPGKeyNotExist(err) {
+		if asymkey_model.IsErrGPGKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetGPGKeysByKeyID", err)
@@ -255,8 +255,8 @@ func DeleteGPGKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	if err := keys_model.DeleteGPGKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
-		if keys_model.IsErrGPGKeyAccessDenied(err) {
+	if err := asymkey_model.DeleteGPGKey(ctx.User, ctx.ParamsInt64(":id")); err != nil {
+		if asymkey_model.IsErrGPGKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeleteGPGKey", err)
@@ -270,15 +270,15 @@ func DeleteGPGKey(ctx *context.APIContext) {
 // HandleAddGPGKeyError handle add GPGKey error
 func HandleAddGPGKeyError(ctx *context.APIContext, err error, token string) {
 	switch {
-	case keys_model.IsErrGPGKeyAccessDenied(err):
+	case asymkey_model.IsErrGPGKeyAccessDenied(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyAccessDenied", "You do not have access to this GPG key")
-	case keys_model.IsErrGPGKeyIDAlreadyUsed(err):
+	case asymkey_model.IsErrGPGKeyIDAlreadyUsed(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyIDAlreadyUsed", "A key with the same id already exists")
-	case keys_model.IsErrGPGKeyParsing(err):
+	case asymkey_model.IsErrGPGKeyParsing(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyParsing", err)
-	case keys_model.IsErrGPGNoEmailFound(err):
+	case asymkey_model.IsErrGPGNoEmailFound(err):
 		ctx.Error(http.StatusNotFound, "GPGNoEmailFound", fmt.Sprintf("None of the emails attached to the GPG key could be found. It may still be added if you provide a valid signature for the token: %s", token))
-	case keys_model.IsErrGPGInvalidTokenSignature(err):
+	case asymkey_model.IsErrGPGInvalidTokenSignature(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
 	default:
 		ctx.Error(http.StatusInternalServerError, "AddGPGKey", err)
diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go
index 13ccd937dc85b..e8cc2035e5deb 100644
--- a/routers/api/v1/user/key.go
+++ b/routers/api/v1/user/key.go
@@ -7,7 +7,7 @@ package user
 import (
 	"net/http"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/perm"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/context"
@@ -17,14 +17,14 @@ import (
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/api/v1/repo"
 	"code.gitea.io/gitea/routers/api/v1/utils"
-	keys_service "code.gitea.io/gitea/services/keys"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )
 
 // appendPrivateInformation appends the owner and key type information to api.PublicKey
-func appendPrivateInformation(apiKey *api.PublicKey, key *keys_model.PublicKey, defaultUser *user_model.User) (*api.PublicKey, error) {
-	if key.Type == keys_model.KeyTypeDeploy {
+func appendPrivateInformation(apiKey *api.PublicKey, key *asymkey_model.PublicKey, defaultUser *user_model.User) (*api.PublicKey, error) {
+	if key.Type == asymkey_model.KeyTypeDeploy {
 		apiKey.KeyType = "deploy"
-	} else if key.Type == keys_model.KeyTypeUser {
+	} else if key.Type == asymkey_model.KeyTypeUser {
 		apiKey.KeyType = "user"
 
 		if defaultUser.ID == key.OwnerID {
@@ -48,7 +48,7 @@ func composePublicKeysAPILink() string {
 }
 
 func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
-	var keys []*keys_model.PublicKey
+	var keys []*asymkey_model.PublicKey
 	var err error
 	var count int
 
@@ -59,14 +59,14 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
 		// Querying not just listing
 		if username != "" {
 			// Restrict to provided uid
-			keys, err = keys_model.SearchPublicKey(user.ID, fingerprint)
+			keys, err = asymkey_model.SearchPublicKey(user.ID, fingerprint)
 		} else {
 			// Unrestricted
-			keys, err = keys_model.SearchPublicKey(0, fingerprint)
+			keys, err = asymkey_model.SearchPublicKey(0, fingerprint)
 		}
 		count = len(keys)
 	} else {
-		total, err2 := keys_model.CountPublicKeys(user.ID)
+		total, err2 := asymkey_model.CountPublicKeys(user.ID)
 		if err2 != nil {
 			ctx.InternalServerError(err)
 			return
@@ -74,7 +74,7 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
 		count = int(total)
 
 		// Use ListPublicKeys
-		keys, err = keys_model.ListPublicKeys(user.ID, utils.GetListOptions(ctx))
+		keys, err = asymkey_model.ListPublicKeys(user.ID, utils.GetListOptions(ctx))
 	}
 
 	if err != nil {
@@ -178,9 +178,9 @@ func GetPublicKey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	key, err := keys_model.GetPublicKeyByID(ctx.ParamsInt64(":id"))
+	key, err := asymkey_model.GetPublicKeyByID(ctx.ParamsInt64(":id"))
 	if err != nil {
-		if keys_model.IsErrKeyNotExist(err) {
+		if asymkey_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
 		} else {
 			ctx.Error(http.StatusInternalServerError, "GetPublicKeyByID", err)
@@ -198,13 +198,13 @@ func GetPublicKey(ctx *context.APIContext) {
 
 // CreateUserPublicKey creates new public key to given user by ID.
 func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid int64) {
-	content, err := keys_model.CheckPublicKeyString(form.Key)
+	content, err := asymkey_model.CheckPublicKeyString(form.Key)
 	if err != nil {
 		repo.HandleCheckKeyStringError(ctx, err)
 		return
 	}
 
-	key, err := keys_model.AddPublicKey(uid, form.Title, content, 0)
+	key, err := asymkey_model.AddPublicKey(uid, form.Title, content, 0)
 	if err != nil {
 		repo.HandleAddKeyError(ctx, err)
 		return
@@ -264,7 +264,7 @@ func DeletePublicKey(ctx *context.APIContext) {
 	//     "$ref": "#/responses/notFound"
 
 	id := ctx.ParamsInt64(":id")
-	externallyManaged, err := keys_model.PublicKeyIsExternallyManaged(id)
+	externallyManaged, err := asymkey_model.PublicKeyIsExternallyManaged(id)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "PublicKeyIsExternallyManaged", err)
 	}
@@ -272,10 +272,10 @@ func DeletePublicKey(ctx *context.APIContext) {
 		ctx.Error(http.StatusForbidden, "", "SSH Key is externally managed for this user")
 	}
 
-	if err := keys_service.DeletePublicKey(ctx.User, id); err != nil {
-		if keys_model.IsErrKeyNotExist(err) {
+	if err := asymkey_service.DeletePublicKey(ctx.User, id); err != nil {
+		if asymkey_model.IsErrKeyNotExist(err) {
 			ctx.NotFound()
-		} else if keys_model.IsErrKeyAccessDenied(err) {
+		} else if asymkey_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
 			ctx.Error(http.StatusInternalServerError, "DeletePublicKey", err)
diff --git a/routers/init.go b/routers/init.go
index 6cc7caacbaeb8..804dfd65335b6 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -13,7 +13,7 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/modules/appstate"
 	"code.gitea.io/gitea/modules/cache"
 	"code.gitea.io/gitea/modules/eventsource"
@@ -88,7 +88,7 @@ func syncAppPathForGit(ctx context.Context) error {
 		mustInitCtx(ctx, repo_service.SyncRepositoryHooks)
 
 		log.Info("re-write ssh public keys ...")
-		mustInit(keys_model.RewriteAllPublicKeys)
+		mustInit(asymkey_model.RewriteAllPublicKeys)
 
 		runtimeState.LastAppPath = setting.AppPath
 		return appstate.AppState.Set(runtimeState)
diff --git a/routers/private/hook_verification.go b/routers/private/hook_verification.go
index a181ea0edffeb..1b44550cff440 100644
--- a/routers/private/hook_verification.go
+++ b/routers/private/hook_verification.go
@@ -12,7 +12,7 @@ import (
 	"io"
 	"os"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 )
@@ -97,7 +97,7 @@ func readAndVerifyCommit(sha string, repo *git.Repository, env []string) error {
 				if err != nil {
 					return err
 				}
-				verification := keys_model.ParseCommitWithSignature(commit)
+				verification := asymkey_model.ParseCommitWithSignature(commit)
 				if !verification.Verified {
 					cancel()
 					return &errUnverifiedCommit{
diff --git a/routers/private/key.go b/routers/private/key.go
index 3d8a1becfe070..30fde73c8acd7 100644
--- a/routers/private/key.go
+++ b/routers/private/key.go
@@ -8,7 +8,7 @@ package private
 import (
 	"net/http"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/timeutil"
@@ -18,16 +18,16 @@ import (
 func UpdatePublicKeyInRepo(ctx *context.PrivateContext) {
 	keyID := ctx.ParamsInt64(":id")
 	repoID := ctx.ParamsInt64(":repoid")
-	if err := keys_model.UpdatePublicKeyUpdated(keyID); err != nil {
+	if err := asymkey_model.UpdatePublicKeyUpdated(keyID); err != nil {
 		ctx.JSON(http.StatusInternalServerError, private.Response{
 			Err: err.Error(),
 		})
 		return
 	}
 
-	deployKey, err := keys_model.GetDeployKeyByRepo(keyID, repoID)
+	deployKey, err := asymkey_model.GetDeployKeyByRepo(keyID, repoID)
 	if err != nil {
-		if keys_model.IsErrDeployKeyNotExist(err) {
+		if asymkey_model.IsErrDeployKeyNotExist(err) {
 			ctx.PlainText(http.StatusOK, []byte("success"))
 			return
 		}
@@ -37,7 +37,7 @@ func UpdatePublicKeyInRepo(ctx *context.PrivateContext) {
 		return
 	}
 	deployKey.UpdatedUnix = timeutil.TimeStampNow()
-	if err = keys_model.UpdateDeployKeyCols(deployKey, "updated_unix"); err != nil {
+	if err = asymkey_model.UpdateDeployKeyCols(deployKey, "updated_unix"); err != nil {
 		ctx.JSON(http.StatusInternalServerError, private.Response{
 			Err: err.Error(),
 		})
@@ -52,7 +52,7 @@ func UpdatePublicKeyInRepo(ctx *context.PrivateContext) {
 func AuthorizedPublicKeyByContent(ctx *context.PrivateContext) {
 	content := ctx.FormString("content")
 
-	publicKey, err := keys_model.SearchPublicKeyByContent(content)
+	publicKey, err := asymkey_model.SearchPublicKeyByContent(content)
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, private.Response{
 			Err: err.Error(),
diff --git a/routers/private/serv.go b/routers/private/serv.go
index 96e989c1a1dd7..e5ebc5aa92b60 100644
--- a/routers/private/serv.go
+++ b/routers/private/serv.go
@@ -11,7 +11,7 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
@@ -35,9 +35,9 @@ func ServNoCommand(ctx *context.PrivateContext) {
 	}
 	results := private.KeyAndOwner{}
 
-	key, err := keys_model.GetPublicKeyByID(keyID)
+	key, err := asymkey_model.GetPublicKeyByID(keyID)
 	if err != nil {
-		if keys_model.IsErrKeyNotExist(err) {
+		if asymkey_model.IsErrKeyNotExist(err) {
 			ctx.JSON(http.StatusUnauthorized, private.Response{
 				Err: fmt.Sprintf("Cannot find key: %d", keyID),
 			})
@@ -51,7 +51,7 @@ func ServNoCommand(ctx *context.PrivateContext) {
 	}
 	results.Key = key
 
-	if key.Type == keys_model.KeyTypeUser || key.Type == keys_model.KeyTypePrincipal {
+	if key.Type == asymkey_model.KeyTypeUser || key.Type == asymkey_model.KeyTypePrincipal {
 		user, err := user_model.GetUserByID(key.OwnerID)
 		if err != nil {
 			if user_model.IsErrUserNotExist(err) {
@@ -185,9 +185,9 @@ func ServCommand(ctx *context.PrivateContext) {
 	}
 
 	// Get the Public Key represented by the keyID
-	key, err := keys_model.GetPublicKeyByID(keyID)
+	key, err := asymkey_model.GetPublicKeyByID(keyID)
 	if err != nil {
-		if keys_model.IsErrKeyNotExist(err) {
+		if asymkey_model.IsErrKeyNotExist(err) {
 			ctx.JSON(http.StatusNotFound, private.ErrServCommand{
 				Results: results,
 				Err:     fmt.Sprintf("Cannot find key: %d", keyID),
@@ -206,7 +206,7 @@ func ServCommand(ctx *context.PrivateContext) {
 	results.UserID = key.OwnerID
 
 	// If repo doesn't exist, deploy key doesn't make sense
-	if !repoExist && key.Type == keys_model.KeyTypeDeploy {
+	if !repoExist && key.Type == asymkey_model.KeyTypeDeploy {
 		ctx.JSON(http.StatusNotFound, private.ErrServCommand{
 			Results: results,
 			Err:     fmt.Sprintf("Cannot find repository %s/%s", results.OwnerName, results.RepoName),
@@ -217,15 +217,15 @@ func ServCommand(ctx *context.PrivateContext) {
 	// Deploy Keys have ownerID set to 0 therefore we can't use the owner
 	// So now we need to check if the key is a deploy key
 	// We'll keep hold of the deploy key here for permissions checking
-	var deployKey *keys_model.DeployKey
+	var deployKey *asymkey_model.DeployKey
 	var user *user_model.User
-	if key.Type == keys_model.KeyTypeDeploy {
+	if key.Type == asymkey_model.KeyTypeDeploy {
 		results.IsDeployKey = true
 
 		var err error
-		deployKey, err = keys_model.GetDeployKeyByRepo(key.ID, repo.ID)
+		deployKey, err = asymkey_model.GetDeployKeyByRepo(key.ID, repo.ID)
 		if err != nil {
-			if keys_model.IsErrDeployKeyNotExist(err) {
+			if asymkey_model.IsErrDeployKeyNotExist(err) {
 				ctx.JSON(http.StatusNotFound, private.ErrServCommand{
 					Results: results,
 					Err:     fmt.Sprintf("Public (Deploy) Key: %d:%s is not authorized to %s %s/%s.", key.ID, key.Name, modeString, results.OwnerName, results.RepoName),
@@ -298,7 +298,7 @@ func ServCommand(ctx *context.PrivateContext) {
 			owner.Visibility.IsPrivate() ||
 			(user != nil && user.IsRestricted) || // user will be nil if the key is a deploykey
 			setting.Service.RequireSignInView) {
-		if key.Type == keys_model.KeyTypeDeploy {
+		if key.Type == asymkey_model.KeyTypeDeploy {
 			if deployKey.Mode < mode {
 				ctx.JSON(http.StatusUnauthorized, private.ErrServCommand{
 					Results: results,
diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index 2396321626f6f..51e006b279094 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -11,8 +11,8 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
@@ -345,13 +345,13 @@ func Diff(ctx *context.Context) {
 	ctx.Data["CommitStatus"] = models.CalcCommitStatus(statuses)
 	ctx.Data["CommitStatuses"] = statuses
 
-	verification := keys_model.ParseCommitWithSignature(commit)
+	verification := asymkey_model.ParseCommitWithSignature(commit)
 	ctx.Data["Verification"] = verification
 	ctx.Data["Author"] = user_model.ValidateCommitWithEmail(commit)
 	ctx.Data["Parents"] = parents
 	ctx.Data["DiffNotAvailable"] = diff.NumFiles == 0
 
-	if err := keys_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
+	if err := asymkey_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
 		return models.IsUserRepoAdmin(ctx.Repo.Repository, user)
 	}, nil); err != nil {
 		ctx.ServerError("CalculateTrustStatus", err)
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index df977d2c13c9c..bc760f6b1110a 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -34,6 +34,7 @@ import (
 	"code.gitea.io/gitea/modules/upload"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	comment_service "code.gitea.io/gitea/services/comments"
 	"code.gitea.io/gitea/services/forms"
 	issue_service "code.gitea.io/gitea/services/issue"
@@ -1583,12 +1584,12 @@ func ViewIssue(ctx *context.Context) {
 		}
 		ctx.Data["WillSign"] = false
 		if ctx.User != nil {
-			sign, key, _, err := pull.SignMerge(ctx.User, pull.BaseRepo.RepoPath(), pull.BaseBranch, pull.GetGitRefName())
+			sign, key, _, err := asymkey_service.SignMerge(pull, ctx.User, pull.BaseRepo.RepoPath(), pull.BaseBranch, pull.GetGitRefName())
 			ctx.Data["WillSign"] = sign
 			ctx.Data["SigningKey"] = key
 			if err != nil {
-				if models.IsErrWontSign(err) {
-					ctx.Data["WontSignReason"] = err.(*models.ErrWontSign).Reason
+				if asymkey_service.IsErrWontSign(err) {
+					ctx.Data["WontSignReason"] = err.(*asymkey_service.ErrWontSign).Reason
 				} else {
 					ctx.Data["WontSignReason"] = "error"
 					log.Error("Error whilst checking if could sign pr %d in repo %s. Error: %v", pull.ID, pull.BaseRepo.FullName(), err)
diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
index a792b69159edf..23a2eabbf9232 100644
--- a/routers/web/repo/repo.go
+++ b/routers/web/repo/repo.go
@@ -13,8 +13,8 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -262,11 +262,15 @@ func CreatePost(ctx *context.Context) {
 			DefaultBranch: form.DefaultBranch,
 			AutoInit:      form.AutoInit,
 			IsTemplate:    form.Template,
+<<<<<<< HEAD
 <<<<<<< HEAD
 			TrustModel:    repo_model.ToTrustModel(form.TrustModel),
 =======
 			TrustModel:    keys_model.ToTrustModel(form.TrustModel),
 >>>>>>> 3db02666b (Move keys to models/keys)
+=======
+			TrustModel:    asymkey_model.ToTrustModel(form.TrustModel),
+>>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
 		})
 		if err == nil {
 			log.Trace("Repository created [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
diff --git a/routers/web/repo/setting.go b/routers/web/repo/setting.go
index 019beac253d7e..131b09cfc6316 100644
--- a/routers/web/repo/setting.go
+++ b/routers/web/repo/setting.go
@@ -15,8 +15,8 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
@@ -35,8 +35,8 @@ import (
 	"code.gitea.io/gitea/modules/validation"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/forms"
-	keys_service "code.gitea.io/gitea/services/keys"
 	"code.gitea.io/gitea/services/mailer"
 	"code.gitea.io/gitea/services/migrations"
 	mirror_service "code.gitea.io/gitea/services/mirror"
@@ -64,7 +64,7 @@ func Settings(ctx *context.Context) {
 	ctx.Data["DisableNewPushMirrors"] = setting.Mirror.DisableNewPush
 	ctx.Data["DefaultMirrorInterval"] = setting.Mirror.DefaultInterval
 
-	signing, _ := models.SigningKey(ctx.Repo.Repository.RepoPath())
+	signing, _ := asymkey_service.SigningKey(ctx.Repo.Repository.RepoPath())
 	ctx.Data["SigningKeyAvailable"] = len(signing) > 0
 	ctx.Data["SigningSettings"] = setting.Repository.Signing
 	pushMirrors, err := repo_model.GetPushMirrorsByRepoID(ctx.Repo.Repository.ID)
@@ -479,11 +479,15 @@ func SettingsPost(ctx *context.Context) {
 	case "signing":
 		changed := false
 
+<<<<<<< HEAD
 <<<<<<< HEAD
 		trustModel := repo_model.ToTrustModel(form.TrustModel)
 =======
 		trustModel := keys_model.ToTrustModel(form.TrustModel)
 >>>>>>> 3db02666b (Move keys to models/keys)
+=======
+		trustModel := asymkey_model.ToTrustModel(form.TrustModel)
+>>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
 		if trustModel != repo.TrustModel {
 			repo.TrustModel = trustModel
 			changed = true
@@ -1035,7 +1039,7 @@ func DeployKeys(ctx *context.Context) {
 	ctx.Data["PageIsSettingsKeys"] = true
 	ctx.Data["DisableSSH"] = setting.SSH.Disabled
 
-	keys, err := keys_model.ListDeployKeys(db.DefaultContext, &keys_model.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
+	keys, err := asymkey_model.ListDeployKeys(db.DefaultContext, &asymkey_model.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
 	if err != nil {
 		ctx.ServerError("ListDeployKeys", err)
 		return
@@ -1051,7 +1055,7 @@ func DeployKeysPost(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("repo.settings.deploy_keys")
 	ctx.Data["PageIsSettingsKeys"] = true
 
-	keys, err := keys_model.ListDeployKeys(db.DefaultContext, &keys_model.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
+	keys, err := asymkey_model.ListDeployKeys(db.DefaultContext, &asymkey_model.ListDeployKeysOptions{RepoID: ctx.Repo.Repository.ID})
 	if err != nil {
 		ctx.ServerError("ListDeployKeys", err)
 		return
@@ -1063,11 +1067,11 @@ func DeployKeysPost(ctx *context.Context) {
 		return
 	}
 
-	content, err := keys_model.CheckPublicKeyString(form.Content)
+	content, err := asymkey_model.CheckPublicKeyString(form.Content)
 	if err != nil {
 		if db.IsErrSSHDisabled(err) {
 			ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))
-		} else if keys_model.IsErrKeyUnableVerify(err) {
+		} else if asymkey_model.IsErrKeyUnableVerify(err) {
 			ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))
 		} else {
 			ctx.Data["HasError"] = true
@@ -1078,20 +1082,20 @@ func DeployKeysPost(ctx *context.Context) {
 		return
 	}
 
-	key, err := keys_model.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, !form.IsWritable)
+	key, err := asymkey_model.AddDeployKey(ctx.Repo.Repository.ID, form.Title, content, !form.IsWritable)
 	if err != nil {
 		ctx.Data["HasError"] = true
 		switch {
-		case keys_model.IsErrDeployKeyAlreadyExist(err):
+		case asymkey_model.IsErrDeployKeyAlreadyExist(err):
 			ctx.Data["Err_Content"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_been_used"), tplDeployKeys, &form)
-		case keys_model.IsErrKeyAlreadyExist(err):
+		case asymkey_model.IsErrKeyAlreadyExist(err):
 			ctx.Data["Err_Content"] = true
 			ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplDeployKeys, &form)
-		case keys_model.IsErrKeyNameAlreadyUsed(err):
+		case asymkey_model.IsErrKeyNameAlreadyUsed(err):
 			ctx.Data["Err_Title"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_name_used"), tplDeployKeys, &form)
-		case keys_model.IsErrDeployKeyNameAlreadyUsed(err):
+		case asymkey_model.IsErrDeployKeyNameAlreadyUsed(err):
 			ctx.Data["Err_Title"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_name_used"), tplDeployKeys, &form)
 		default:
@@ -1107,7 +1111,7 @@ func DeployKeysPost(ctx *context.Context) {
 
 // DeleteDeployKey response for deleting a deploy key
 func DeleteDeployKey(ctx *context.Context) {
-	if err := keys_service.DeleteDeployKey(ctx.User, ctx.FormInt64("id")); err != nil {
+	if err := asymkey_service.DeleteDeployKey(ctx.User, ctx.FormInt64("id")); err != nil {
 		ctx.Flash.Error("DeleteDeployKey: " + err.Error())
 	} else {
 		ctx.Flash.Success(ctx.Tr("repo.settings.deploy_key_deletion_success"))
diff --git a/routers/web/repo/settings_test.go b/routers/web/repo/settings_test.go
index 813377097c3eb..5b62e1ed16f7a 100644
--- a/routers/web/repo/settings_test.go
+++ b/routers/web/repo/settings_test.go
@@ -10,7 +10,7 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models"
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
@@ -62,7 +62,7 @@ func TestAddReadOnlyDeployKey(t *testing.T) {
 	DeployKeysPost(ctx)
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 
-	unittest.AssertExistsAndLoadBean(t, &keys_model.DeployKey{
+	unittest.AssertExistsAndLoadBean(t, &asymkey_model.DeployKey{
 		Name:    addKeyForm.Title,
 		Content: addKeyForm.Content,
 		Mode:    perm.AccessModeRead,
@@ -92,7 +92,7 @@ func TestAddReadWriteOnlyDeployKey(t *testing.T) {
 	DeployKeysPost(ctx)
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 
-	unittest.AssertExistsAndLoadBean(t, &keys_model.DeployKey{
+	unittest.AssertExistsAndLoadBean(t, &asymkey_model.DeployKey{
 		Name:    addKeyForm.Title,
 		Content: addKeyForm.Content,
 		Mode:    perm.AccessModeWrite,
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 9623bd29446b3..9e0f670cf9ffc 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -20,8 +20,8 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	unit_model "code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -778,9 +778,9 @@ func renderDirectoryFiles(ctx *context.Context, timeout time.Duration) git.Entri
 	ctx.Data["LatestCommit"] = latestCommit
 	if latestCommit != nil {
 
-		verification := keys_model.ParseCommitWithSignature(latestCommit)
+		verification := asymkey_model.ParseCommitWithSignature(latestCommit)
 
-		if err := keys_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
+		if err := asymkey_model.CalculateTrustStatus(verification, ctx.Repo.Repository.GetTrustModel(), func(user *user_model.User) (bool, error) {
 			return models.IsUserRepoAdmin(ctx.Repo.Repository, user)
 		}, nil); err != nil {
 			ctx.ServerError("CalculateTrustStatus", err)
diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index e414fb5ffb38f..bad621f91f475 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -15,8 +15,8 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
@@ -828,7 +828,7 @@ func repoIDMap(ctxUser *user_model.User, issueCountByRepo map[int64]int64, unitT
 
 // ShowSSHKeys output all the ssh keys of user by uid
 func ShowSSHKeys(ctx *context.Context, uid int64) {
-	keys, err := keys_model.ListPublicKeys(uid, db.ListOptions{})
+	keys, err := asymkey_model.ListPublicKeys(uid, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListPublicKeys", err)
 		return
@@ -844,7 +844,7 @@ func ShowSSHKeys(ctx *context.Context, uid int64) {
 
 // ShowGPGKeys output all the public GPG keys of user by uid
 func ShowGPGKeys(ctx *context.Context, uid int64) {
-	keys, err := keys_model.ListGPGKeys(db.DefaultContext, uid, db.ListOptions{})
+	keys, err := asymkey_model.ListGPGKeys(db.DefaultContext, uid, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListGPGKeys", err)
 		return
@@ -852,9 +852,9 @@ func ShowGPGKeys(ctx *context.Context, uid int64) {
 	entities := make([]*openpgp.Entity, 0)
 	failedEntitiesID := make([]string, 0)
 	for _, k := range keys {
-		e, err := keys_model.GPGKeyToEntity(k)
+		e, err := asymkey_model.GPGKeyToEntity(k)
 		if err != nil {
-			if keys_model.IsErrGPGKeyImportNotExist(err) {
+			if asymkey_model.IsErrGPGKeyImportNotExist(err) {
 				failedEntitiesID = append(failedEntitiesID, k.KeyID)
 				continue //Skip previous import without backup of imported armored key
 			}
diff --git a/routers/web/user/setting/keys.go b/routers/web/user/setting/keys.go
index 9c3ba973cdcfc..ec55462149b13 100644
--- a/routers/web/user/setting/keys.go
+++ b/routers/web/user/setting/keys.go
@@ -8,14 +8,14 @@ package setting
 import (
 	"net/http"
 
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/web"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/forms"
-	keys_service "code.gitea.io/gitea/services/keys"
 )
 
 const (
@@ -52,7 +52,7 @@ func KeysPost(ctx *context.Context) {
 	}
 	switch form.Type {
 	case "principal":
-		content, err := keys_model.CheckPrincipalKeyString(ctx.User, form.Content)
+		content, err := asymkey_model.CheckPrincipalKeyString(ctx.User, form.Content)
 		if err != nil {
 			if db.IsErrSSHDisabled(err) {
 				ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))
@@ -62,10 +62,10 @@ func KeysPost(ctx *context.Context) {
 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 			return
 		}
-		if _, err = keys_model.AddPrincipalKey(ctx.User.ID, content, 0); err != nil {
+		if _, err = asymkey_model.AddPrincipalKey(ctx.User.ID, content, 0); err != nil {
 			ctx.Data["HasPrincipalError"] = true
 			switch {
-			case keys_model.IsErrKeyAlreadyExist(err), keys_model.IsErrKeyNameAlreadyUsed(err):
+			case asymkey_model.IsErrKeyAlreadyExist(err), asymkey_model.IsErrKeyNameAlreadyUsed(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Content"] = true
@@ -78,36 +78,36 @@ func KeysPost(ctx *context.Context) {
 		ctx.Flash.Success(ctx.Tr("settings.add_principal_success", form.Content))
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "gpg":
-		token := keys_model.VerificationToken(ctx.User, 1)
-		lastToken := keys_model.VerificationToken(ctx.User, 0)
+		token := asymkey_model.VerificationToken(ctx.User, 1)
+		lastToken := asymkey_model.VerificationToken(ctx.User, 0)
 
-		keys, err := keys_model.AddGPGKey(ctx.User.ID, form.Content, token, form.Signature)
-		if err != nil && keys_model.IsErrGPGInvalidTokenSignature(err) {
-			keys, err = keys_model.AddGPGKey(ctx.User.ID, form.Content, lastToken, form.Signature)
+		keys, err := asymkey_model.AddGPGKey(ctx.User.ID, form.Content, token, form.Signature)
+		if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {
+			keys, err = asymkey_model.AddGPGKey(ctx.User.ID, form.Content, lastToken, form.Signature)
 		}
 		if err != nil {
 			ctx.Data["HasGPGError"] = true
 			switch {
-			case keys_model.IsErrGPGKeyParsing(err):
+			case asymkey_model.IsErrGPGKeyParsing(err):
 				ctx.Flash.Error(ctx.Tr("form.invalid_gpg_key", err.Error()))
 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
-			case keys_model.IsErrGPGKeyIDAlreadyUsed(err):
+			case asymkey_model.IsErrGPGKeyIDAlreadyUsed(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Content"] = true
 				ctx.RenderWithErr(ctx.Tr("settings.gpg_key_id_used"), tplSettingsKeys, &form)
-			case keys_model.IsErrGPGInvalidTokenSignature(err):
+			case asymkey_model.IsErrGPGInvalidTokenSignature(err):
 				loadKeysData(ctx)
 				ctx.Data["Err_Content"] = true
 				ctx.Data["Err_Signature"] = true
-				ctx.Data["KeyID"] = err.(keys_model.ErrGPGInvalidTokenSignature).ID
+				ctx.Data["KeyID"] = err.(asymkey_model.ErrGPGInvalidTokenSignature).ID
 				ctx.RenderWithErr(ctx.Tr("settings.gpg_invalid_token_signature"), tplSettingsKeys, &form)
-			case keys_model.IsErrGPGNoEmailFound(err):
+			case asymkey_model.IsErrGPGNoEmailFound(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Content"] = true
 				ctx.Data["Err_Signature"] = true
-				ctx.Data["KeyID"] = err.(keys_model.ErrGPGNoEmailFound).ID
+				ctx.Data["KeyID"] = err.(asymkey_model.ErrGPGNoEmailFound).ID
 				ctx.RenderWithErr(ctx.Tr("settings.gpg_no_key_email_found"), tplSettingsKeys, &form)
 			default:
 				ctx.ServerError("AddPublicKey", err)
@@ -125,21 +125,21 @@ func KeysPost(ctx *context.Context) {
 		ctx.Flash.Success(ctx.Tr("settings.add_gpg_key_success", keyIDs))
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "verify_gpg":
-		token := keys_model.VerificationToken(ctx.User, 1)
-		lastToken := keys_model.VerificationToken(ctx.User, 0)
+		token := asymkey_model.VerificationToken(ctx.User, 1)
+		lastToken := asymkey_model.VerificationToken(ctx.User, 0)
 
-		keyID, err := keys_model.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
-		if err != nil && keys_model.IsErrGPGInvalidTokenSignature(err) {
-			keyID, err = keys_model.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
+		keyID, err := asymkey_model.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
+		if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {
+			keyID, err = asymkey_model.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
 		}
 		if err != nil {
 			ctx.Data["HasGPGVerifyError"] = true
 			switch {
-			case keys_model.IsErrGPGInvalidTokenSignature(err):
+			case asymkey_model.IsErrGPGInvalidTokenSignature(err):
 				loadKeysData(ctx)
 				ctx.Data["VerifyingID"] = form.KeyID
 				ctx.Data["Err_Signature"] = true
-				ctx.Data["KeyID"] = err.(keys_model.ErrGPGInvalidTokenSignature).ID
+				ctx.Data["KeyID"] = err.(asymkey_model.ErrGPGInvalidTokenSignature).ID
 				ctx.RenderWithErr(ctx.Tr("settings.gpg_invalid_token_signature"), tplSettingsKeys, &form)
 			default:
 				ctx.ServerError("VerifyGPG", err)
@@ -148,11 +148,11 @@ func KeysPost(ctx *context.Context) {
 		ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID))
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	case "ssh":
-		content, err := keys_model.CheckPublicKeyString(form.Content)
+		content, err := asymkey_model.CheckPublicKeyString(form.Content)
 		if err != nil {
 			if db.IsErrSSHDisabled(err) {
 				ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))
-			} else if keys_model.IsErrKeyUnableVerify(err) {
+			} else if asymkey_model.IsErrKeyUnableVerify(err) {
 				ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))
 			} else {
 				ctx.Flash.Error(ctx.Tr("form.invalid_ssh_key", err.Error()))
@@ -161,20 +161,20 @@ func KeysPost(ctx *context.Context) {
 			return
 		}
 
-		if _, err = keys_model.AddPublicKey(ctx.User.ID, form.Title, content, 0); err != nil {
+		if _, err = asymkey_model.AddPublicKey(ctx.User.ID, form.Title, content, 0); err != nil {
 			ctx.Data["HasSSHError"] = true
 			switch {
-			case keys_model.IsErrKeyAlreadyExist(err):
+			case asymkey_model.IsErrKeyAlreadyExist(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Content"] = true
 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplSettingsKeys, &form)
-			case keys_model.IsErrKeyNameAlreadyUsed(err):
+			case asymkey_model.IsErrKeyNameAlreadyUsed(err):
 				loadKeysData(ctx)
 
 				ctx.Data["Err_Title"] = true
 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_name_used"), tplSettingsKeys, &form)
-			case keys_model.IsErrKeyUnableVerify(err):
+			case asymkey_model.IsErrKeyUnableVerify(err):
 				ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))
 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 			default:
@@ -197,14 +197,14 @@ func DeleteKey(ctx *context.Context) {
 
 	switch ctx.FormString("type") {
 	case "gpg":
-		if err := keys_model.DeleteGPGKey(ctx.User, ctx.FormInt64("id")); err != nil {
+		if err := asymkey_model.DeleteGPGKey(ctx.User, ctx.FormInt64("id")); err != nil {
 			ctx.Flash.Error("DeleteGPGKey: " + err.Error())
 		} else {
 			ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success"))
 		}
 	case "ssh":
 		keyID := ctx.FormInt64("id")
-		external, err := keys_model.PublicKeyIsExternallyManaged(keyID)
+		external, err := asymkey_model.PublicKeyIsExternallyManaged(keyID)
 		if err != nil {
 			ctx.ServerError("sshKeysExternalManaged", err)
 			return
@@ -214,13 +214,13 @@ func DeleteKey(ctx *context.Context) {
 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 			return
 		}
-		if err := keys_service.DeletePublicKey(ctx.User, keyID); err != nil {
+		if err := asymkey_service.DeletePublicKey(ctx.User, keyID); err != nil {
 			ctx.Flash.Error("DeletePublicKey: " + err.Error())
 		} else {
 			ctx.Flash.Success(ctx.Tr("settings.ssh_key_deletion_success"))
 		}
 	case "principal":
-		if err := keys_service.DeletePublicKey(ctx.User, ctx.FormInt64("id")); err != nil {
+		if err := asymkey_service.DeletePublicKey(ctx.User, ctx.FormInt64("id")); err != nil {
 			ctx.Flash.Error("DeletePublicKey: " + err.Error())
 		} else {
 			ctx.Flash.Success(ctx.Tr("settings.ssh_principal_deletion_success"))
@@ -235,32 +235,32 @@ func DeleteKey(ctx *context.Context) {
 }
 
 func loadKeysData(ctx *context.Context) {
-	keys, err := keys_model.ListPublicKeys(ctx.User.ID, db.ListOptions{})
+	keys, err := asymkey_model.ListPublicKeys(ctx.User.ID, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListPublicKeys", err)
 		return
 	}
 	ctx.Data["Keys"] = keys
 
-	externalKeys, err := keys_model.PublicKeysAreExternallyManaged(keys)
+	externalKeys, err := asymkey_model.PublicKeysAreExternallyManaged(keys)
 	if err != nil {
 		ctx.ServerError("ListPublicKeys", err)
 		return
 	}
 	ctx.Data["ExternalKeys"] = externalKeys
 
-	gpgkeys, err := keys_model.ListGPGKeys(db.DefaultContext, ctx.User.ID, db.ListOptions{})
+	gpgkeys, err := asymkey_model.ListGPGKeys(db.DefaultContext, ctx.User.ID, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListGPGKeys", err)
 		return
 	}
 	ctx.Data["GPGKeys"] = gpgkeys
-	tokenToSign := keys_model.VerificationToken(ctx.User, 1)
+	tokenToSign := asymkey_model.VerificationToken(ctx.User, 1)
 
 	// generate a new aes cipher using the csrfToken
 	ctx.Data["TokenToSign"] = tokenToSign
 
-	principals, err := keys_model.ListPrincipalKeys(ctx.User.ID, db.ListOptions{})
+	principals, err := asymkey_model.ListPrincipalKeys(ctx.User.ID, db.ListOptions{})
 	if err != nil {
 		ctx.ServerError("ListPrincipalKeys", err)
 		return
diff --git a/services/keys/deploy_key.go b/services/asymkey/deploy_key.go
similarity index 92%
rename from services/keys/deploy_key.go
rename to services/asymkey/deploy_key.go
index 7d3176a5d86fa..54ed1ad3346cc 100644
--- a/services/keys/deploy_key.go
+++ b/services/asymkey/deploy_key.go
@@ -2,12 +2,12 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"code.gitea.io/gitea/models"
+	keys "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/keys"
 	user_model "code.gitea.io/gitea/models/user"
 )
 
diff --git a/services/keys/main_test.go b/services/asymkey/main_test.go
similarity index 95%
rename from services/keys/main_test.go
rename to services/asymkey/main_test.go
index 2d1e0b556eed5..a891a10cf6b49 100644
--- a/services/keys/main_test.go
+++ b/services/asymkey/main_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"path/filepath"
diff --git a/models/repo_sign.go b/services/asymkey/sign.go
similarity index 58%
rename from models/repo_sign.go
rename to services/asymkey/sign.go
index c6e8cb338f3d6..4ccc581803adf 100644
--- a/models/repo_sign.go
+++ b/services/asymkey/sign.go
@@ -1,18 +1,17 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
+// Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package asymkey
 
 import (
-	"context"
 	"fmt"
 	"strings"
 
+	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
-	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
@@ -66,6 +65,22 @@ func signingModeFromStrings(modeStrings []string) []signingMode {
 	return returnable
 }
 
+// ErrWontSign explains the first reason why a commit would not be signed
+// There may be other reasons - this is just the first reason found
+type ErrWontSign struct {
+	Reason signingMode
+}
+
+func (e *ErrWontSign) Error() string {
+	return fmt.Sprintf("wont sign: %s", e.Reason)
+}
+
+// IsErrWontSign checks if an error is a ErrWontSign
+func IsErrWontSign(err error) bool {
+	_, ok := err.(*ErrWontSign)
+	return ok
+}
+
 // SigningKey returns the KeyID and git Signature for the repo
 func SigningKey(repoPath string) (string, *git.Signature) {
 	if setting.Repository.Signing.SigningKey == "none" {
@@ -127,7 +142,7 @@ Loop:
 		case always:
 			break Loop
 		case pubkey:
-			keys, err := keys.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
+			keys, err := asymkey_model.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
 			if err != nil {
 				return false, "", nil, err
 			}
@@ -148,9 +163,9 @@ Loop:
 }
 
 // SignWikiCommit determines if we should sign the commits to this repository wiki
-func SignWikiCommit(repo *repo_model.Repository, u *user_model.User) (bool, string, *git.Signature, error) {
+func SignWikiCommit(repoWikiPath string, u *user_model.User) (bool, string, *git.Signature, error) {
 	rules := signingModeFromStrings(setting.Repository.Signing.Wiki)
-	signingKey, sig := SigningKey(repo.WikiPath())
+	signingKey, sig := SigningKey(repoWikiPath)
 	if signingKey == "" {
 		return false, "", nil, &ErrWontSign{noKey}
 	}
@@ -163,7 +178,7 @@ Loop:
 		case always:
 			break Loop
 		case pubkey:
-			keys, err := keys.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
+			keys, err := asymkey_model.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
 			if err != nil {
 				return false, "", nil, err
 			}
@@ -179,7 +194,7 @@ Loop:
 				return false, "", nil, &ErrWontSign{twofa}
 			}
 		case parentSigned:
-			gitRepo, err := git.OpenRepository(repo.WikiPath())
+			gitRepo, err := git.OpenRepository(repoWikiPath)
 			if err != nil {
 				return false, "", nil, err
 			}
@@ -191,7 +206,7 @@ Loop:
 			if commit.Signature == nil {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
-			verification := keys.ParseCommitWithSignature(commit)
+			verification := asymkey_model.ParseCommitWithSignature(commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
@@ -201,9 +216,9 @@ Loop:
 }
 
 // SignCRUDAction determines if we should sign a CRUD commit to this repository
-func SignCRUDAction(repo *repo_model.Repository, u *user_model.User, tmpBasePath, parentCommit string) (bool, string, *git.Signature, error) {
+func SignCRUDAction(repoPath string, u *user_model.User, tmpBasePath, parentCommit string) (bool, string, *git.Signature, error) {
 	rules := signingModeFromStrings(setting.Repository.Signing.CRUDActions)
-	signingKey, sig := SigningKey(repo.RepoPath())
+	signingKey, sig := SigningKey(repoPath)
 	if signingKey == "" {
 		return false, "", nil, &ErrWontSign{noKey}
 	}
@@ -216,7 +231,7 @@ Loop:
 		case always:
 			break Loop
 		case pubkey:
-			keys, err := keys.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
+			keys, err := asymkey_model.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
 			if err != nil {
 				return false, "", nil, err
 			}
@@ -244,7 +259,7 @@ Loop:
 			if commit.Signature == nil {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
-			verification := keys.ParseCommitWithSignature(commit)
+			verification := asymkey_model.ParseCommitWithSignature(commit)
 			if !verification.Verified {
 				return false, "", nil, &ErrWontSign{parentSigned}
 			}
@@ -253,51 +268,121 @@ Loop:
 	return true, signingKey, sig, nil
 }
 
-// DeleteDeployKey delete deploy keys
-func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error {
-	key, err := keys.GetDeployKeyByID(ctx, id)
-	if err != nil {
-		if keys.IsErrDeployKeyNotExist(err) {
-			return nil
-		}
-		return fmt.Errorf("GetDeployKeyByID: %v", err)
+// SignMerge determines if we should sign a PR merge commit to the base repository
+func SignMerge(pr *models.PullRequest, u *user_model.User, tmpBasePath, baseCommit, headCommit string) (bool, string, *git.Signature, error) {
+	if err := pr.LoadBaseRepo(); err != nil {
+		log.Error("Unable to get Base Repo for pull request")
+		return false, "", nil, err
 	}
+	repo := pr.BaseRepo
 
-	sess := db.GetEngine(ctx)
-
-	// Check if user has access to delete this key.
-	if !doer.IsAdmin {
-		repo, err := getRepositoryByID(sess, key.RepoID)
-		if err != nil {
-			return fmt.Errorf("GetRepositoryByID: %v", err)
-		}
-		has, err := isUserRepoAdmin(sess, repo, doer)
-		if err != nil {
-			return fmt.Errorf("GetUserRepoPermission: %v", err)
-		} else if !has {
-			return keys.ErrKeyAccessDenied{
-				UserID: doer.ID,
-				KeyID:  key.ID,
-				Note:   "deploy",
-			}
-		}
+	signingKey, signer := SigningKey(repo.RepoPath())
+	if signingKey == "" {
+		return false, "", nil, &ErrWontSign{noKey}
 	}
+	rules := signingModeFromStrings(setting.Repository.Signing.Merges)
 
-	if _, err = sess.ID(key.ID).Delete(new(keys.DeployKey)); err != nil {
-		return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)
-	}
+	var gitRepo *git.Repository
+	var err error
 
-	// Check if this is the last reference to same key content.
-	has, err := sess.
-		Where("key_id = ?", key.KeyID).
-		Get(new(keys.DeployKey))
-	if err != nil {
-		return err
-	} else if !has {
-		if err = keys.DeletePublicKeys(ctx, key.KeyID); err != nil {
-			return err
+Loop:
+	for _, rule := range rules {
+		switch rule {
+		case never:
+			return false, "", nil, &ErrWontSign{never}
+		case always:
+			break Loop
+		case pubkey:
+			keys, err := asymkey_model.ListGPGKeys(db.DefaultContext, u.ID, db.ListOptions{})
+			if err != nil {
+				return false, "", nil, err
+			}
+			if len(keys) == 0 {
+				return false, "", nil, &ErrWontSign{pubkey}
+			}
+		case twofa:
+			twofaModel, err := login.GetTwoFactorByUID(u.ID)
+			if err != nil && !login.IsErrTwoFactorNotEnrolled(err) {
+				return false, "", nil, err
+			}
+			if twofaModel == nil {
+				return false, "", nil, &ErrWontSign{twofa}
+			}
+		case approved:
+			protectedBranch, err := models.GetProtectedBranchBy(repo.ID, pr.BaseBranch)
+			if err != nil {
+				return false, "", nil, err
+			}
+			if protectedBranch == nil {
+				return false, "", nil, &ErrWontSign{approved}
+			}
+			if protectedBranch.GetGrantedApprovalsCount(pr) < 1 {
+				return false, "", nil, &ErrWontSign{approved}
+			}
+		case baseSigned:
+			if gitRepo == nil {
+				gitRepo, err = git.OpenRepository(tmpBasePath)
+				if err != nil {
+					return false, "", nil, err
+				}
+				defer gitRepo.Close()
+			}
+			commit, err := gitRepo.GetCommit(baseCommit)
+			if err != nil {
+				return false, "", nil, err
+			}
+			verification := asymkey_model.ParseCommitWithSignature(commit)
+			if !verification.Verified {
+				return false, "", nil, &ErrWontSign{baseSigned}
+			}
+		case headSigned:
+			if gitRepo == nil {
+				gitRepo, err = git.OpenRepository(tmpBasePath)
+				if err != nil {
+					return false, "", nil, err
+				}
+				defer gitRepo.Close()
+			}
+			commit, err := gitRepo.GetCommit(headCommit)
+			if err != nil {
+				return false, "", nil, err
+			}
+			verification := asymkey_model.ParseCommitWithSignature(commit)
+			if !verification.Verified {
+				return false, "", nil, &ErrWontSign{headSigned}
+			}
+		case commitsSigned:
+			if gitRepo == nil {
+				gitRepo, err = git.OpenRepository(tmpBasePath)
+				if err != nil {
+					return false, "", nil, err
+				}
+				defer gitRepo.Close()
+			}
+			commit, err := gitRepo.GetCommit(headCommit)
+			if err != nil {
+				return false, "", nil, err
+			}
+			verification := asymkey_model.ParseCommitWithSignature(commit)
+			if !verification.Verified {
+				return false, "", nil, &ErrWontSign{commitsSigned}
+			}
+			// need to work out merge-base
+			mergeBaseCommit, _, err := gitRepo.GetMergeBase("", baseCommit, headCommit)
+			if err != nil {
+				return false, "", nil, err
+			}
+			commitList, err := commit.CommitsBeforeUntil(mergeBaseCommit)
+			if err != nil {
+				return false, "", nil, err
+			}
+			for _, commit := range commitList {
+				verification := asymkey_model.ParseCommitWithSignature(commit)
+				if !verification.Verified {
+					return false, "", nil, &ErrWontSign{commitsSigned}
+				}
+			}
 		}
 	}
-
-	return nil
+	return true, signingKey, signer, nil
 }
diff --git a/services/keys/ssh_key.go b/services/asymkey/ssh_key.go
similarity index 68%
rename from services/keys/ssh_key.go
rename to services/asymkey/ssh_key.go
index 6bcab40ca7646..1f6b93eb243e3 100644
--- a/services/keys/ssh_key.go
+++ b/services/asymkey/ssh_key.go
@@ -2,24 +2,24 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	user_model "code.gitea.io/gitea/models/user"
 )
 
 // DeletePublicKey deletes SSH key information both in database and authorized_keys file.
 func DeletePublicKey(doer *user_model.User, id int64) (err error) {
-	key, err := keys_model.GetPublicKeyByID(id)
+	key, err := asymkey_model.GetPublicKeyByID(id)
 	if err != nil {
 		return err
 	}
 
 	// Check if user has access to delete this key.
 	if !doer.IsAdmin && doer.ID != key.OwnerID {
-		return keys_model.ErrKeyAccessDenied{
+		return asymkey_model.ErrKeyAccessDenied{
 			UserID: doer.ID,
 			KeyID:  key.ID,
 			Note:   "public",
@@ -32,7 +32,7 @@ func DeletePublicKey(doer *user_model.User, id int64) (err error) {
 	}
 	defer committer.Close()
 
-	if err = keys_model.DeletePublicKeys(ctx, id); err != nil {
+	if err = asymkey_model.DeletePublicKeys(ctx, id); err != nil {
 		return err
 	}
 
@@ -41,9 +41,9 @@ func DeletePublicKey(doer *user_model.User, id int64) (err error) {
 	}
 	committer.Close()
 
-	if key.Type == keys_model.KeyTypePrincipal {
-		return keys_model.RewriteAllPrincipalKeys()
+	if key.Type == asymkey_model.KeyTypePrincipal {
+		return asymkey_model.RewriteAllPrincipalKeys()
 	}
 
-	return keys_model.RewriteAllPublicKeys()
+	return asymkey_model.RewriteAllPublicKeys()
 }
diff --git a/services/keys/ssh_key_test.go b/services/asymkey/ssh_key_test.go
similarity index 97%
rename from services/keys/ssh_key_test.go
rename to services/asymkey/ssh_key_test.go
index fe384a23ed7dd..0ce235f7f65cf 100644
--- a/services/keys/ssh_key_test.go
+++ b/services/asymkey/ssh_key_test.go
@@ -2,12 +2,12 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"testing"
 
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/login"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@@ -65,8 +65,8 @@ ssh-dss AAAAB3NzaC1kc3MAAACBAOChCC7lf6Uo9n7BmZ6M8St19PZf4Tn59NriyboW2x/DZuYAz3ib
 
 	for i, kase := range testCases {
 		s.ID = int64(i) + 20
-		keys_model.AddPublicKeysBySource(user, s, []string{kase.keyString})
-		keys, err := keys_model.ListPublicKeysBySource(user.ID, s.ID)
+		asymkey_model.AddPublicKeysBySource(user, s, []string{kase.keyString})
+		keys, err := asymkey_model.ListPublicKeysBySource(user.ID, s.ID)
 		assert.NoError(t, err)
 		if err != nil {
 			continue
diff --git a/services/auth/source/ldap/source_authenticate.go b/services/auth/source/ldap/source_authenticate.go
index f05ff5a3992f8..9938525c0edab 100644
--- a/services/auth/source/ldap/source_authenticate.go
+++ b/services/auth/source/ldap/source_authenticate.go
@@ -8,8 +8,8 @@ import (
 	"fmt"
 	"strings"
 
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	"code.gitea.io/gitea/models/login"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/services/mailer"
@@ -59,8 +59,8 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 	}
 
 	if user != nil {
-		if isAttributeSSHPublicKeySet && keys_model.SynchronizePublicKeys(user, source.loginSource, sr.SSHPublicKey) {
-			return user, keys_model.RewriteAllPublicKeys()
+		if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(user, source.loginSource, sr.SSHPublicKey) {
+			return user, asymkey_model.RewriteAllPublicKeys()
 		}
 
 		return user, nil
@@ -95,8 +95,8 @@ func (source *Source) Authenticate(user *user_model.User, userName, password str
 
 	mailer.SendRegisterNotifyMail(user)
 
-	if isAttributeSSHPublicKeySet && keys_model.AddPublicKeysBySource(user, source.loginSource, sr.SSHPublicKey) {
-		err = keys_model.RewriteAllPublicKeys()
+	if isAttributeSSHPublicKeySet && asymkey_model.AddPublicKeysBySource(user, source.loginSource, sr.SSHPublicKey) {
+		err = asymkey_model.RewriteAllPublicKeys()
 	}
 
 	if err == nil && len(source.AttributeAvatar) > 0 {
diff --git a/services/auth/source/ldap/source_sync.go b/services/auth/source/ldap/source_sync.go
index 4769b364c089a..fb15b2f0467d2 100644
--- a/services/auth/source/ldap/source_sync.go
+++ b/services/auth/source/ldap/source_sync.go
@@ -10,8 +10,8 @@ import (
 	"sort"
 	"strings"
 
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	user_service "code.gitea.io/gitea/services/user"
@@ -68,7 +68,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 			log.Warn("SyncExternalUsers: Cancelled at update of %s before completed update of users", source.loginSource.Name)
 			// Rewrite authorized_keys file if LDAP Public SSH Key attribute is set and any key was added or removed
 			if sshKeysNeedUpdate {
-				err = keys_model.RewriteAllPublicKeys()
+				err = asymkey_model.RewriteAllPublicKeys()
 				if err != nil {
 					log.Error("RewriteAllPublicKeys: %v", err)
 				}
@@ -119,7 +119,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 
 			if err == nil && isAttributeSSHPublicKeySet {
 				log.Trace("SyncExternalUsers[%s]: Adding LDAP Public SSH Keys for user %s", source.loginSource.Name, usr.Name)
-				if keys_model.AddPublicKeysBySource(usr, source.loginSource, su.SSHPublicKey) {
+				if asymkey_model.AddPublicKeysBySource(usr, source.loginSource, su.SSHPublicKey) {
 					sshKeysNeedUpdate = true
 				}
 			}
@@ -129,7 +129,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 			}
 		} else if updateExisting {
 			// Synchronize SSH Public Key if that attribute is set
-			if isAttributeSSHPublicKeySet && keys_model.SynchronizePublicKeys(usr, source.loginSource, su.SSHPublicKey) {
+			if isAttributeSSHPublicKeySet && asymkey_model.SynchronizePublicKeys(usr, source.loginSource, su.SSHPublicKey) {
 				sshKeysNeedUpdate = true
 			}
 
@@ -171,7 +171,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 
 	// Rewrite authorized_keys file if LDAP Public SSH Key attribute is set and any key was added or removed
 	if sshKeysNeedUpdate {
-		err = keys_model.RewriteAllPublicKeys()
+		err = asymkey_model.RewriteAllPublicKeys()
 		if err != nil {
 			log.Error("RewriteAllPublicKeys: %v", err)
 		}
diff --git a/services/cron/tasks_extended.go b/services/cron/tasks_extended.go
index 9dae99afa3b5f..90b391474f7b2 100644
--- a/services/cron/tasks_extended.go
+++ b/services/cron/tasks_extended.go
@@ -9,7 +9,7 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/updatechecker"
@@ -68,7 +68,7 @@ func registerRewriteAllPublicKeys() {
 		RunAtStart: false,
 		Schedule:   "@every 72h",
 	}, func(_ context.Context, _ *user_model.User, _ Config) error {
-		return keys_model.RewriteAllPublicKeys()
+		return asymkey_model.RewriteAllPublicKeys()
 	})
 }
 
@@ -78,7 +78,7 @@ func registerRewriteAllPrincipalKeys() {
 		RunAtStart: false,
 		Schedule:   "@every 72h",
 	}, func(_ context.Context, _ *user_model.User, _ Config) error {
-		return keys_model.RewriteAllPrincipalKeys()
+		return asymkey_model.RewriteAllPrincipalKeys()
 	})
 }
 
diff --git a/services/pull/merge.go b/services/pull/merge.go
index 49050d6beef1a..ab1f43a50a45a 100644
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@@ -27,6 +27,7 @@ import (
 	"code.gitea.io/gitea/modules/references"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	issue_service "code.gitea.io/gitea/services/issue"
 )
 
@@ -218,7 +219,7 @@ func rawMerge(pr *models.PullRequest, doer *user_model.User, mergeStyle repo_mod
 	// Determine if we should sign
 	signArg := ""
 	if git.CheckGitVersionAtLeast("1.7.9") == nil {
-		sign, keyID, signer, _ := pr.SignMerge(doer, tmpBasePath, "HEAD", trackingBranch)
+		sign, keyID, signer, _ := asymkey_service.SignMerge(pr, doer, tmpBasePath, "HEAD", trackingBranch)
 		if sign {
 			signArg = "-S" + keyID
 			if pr.BaseRepo.GetTrustModel() == repo_model.CommitterTrustModel || pr.BaseRepo.GetTrustModel() == repo_model.CollaboratorCommitterTrustModel {
@@ -553,7 +554,7 @@ func IsSignedIfRequired(pr *models.PullRequest, doer *user_model.User) (bool, er
 		return true, nil
 	}
 
-	sign, _, _, err := pr.SignMerge(doer, pr.BaseRepo.RepoPath(), pr.BaseBranch, pr.GetGitRefName())
+	sign, _, _, err := asymkey_service.SignMerge(pr, doer, pr.BaseRepo.RepoPath(), pr.BaseBranch, pr.GetGitRefName())
 
 	return sign, err
 }
diff --git a/services/repository/archiver/archiver.go b/services/repository/archiver/archiver.go
index 7e886d79cbd32..ea28084dbe93d 100644
--- a/services/repository/archiver/archiver.go
+++ b/services/repository/archiver/archiver.go
@@ -171,7 +171,7 @@ func doArchive(r *ArchiveRequest) (*repo_model.RepoArchiver, error) {
 		rd.Close()
 	}()
 	var done = make(chan error)
-	repo, err := models.LoadArchiverRepo(archiver)
+	repo, err := models.GetRepositoryByID(archiver.RepoID)
 	if err != nil {
 		return nil, fmt.Errorf("archiver.LoadRepo failed: %v", err)
 	}
diff --git a/services/repository/files/commit.go b/services/repository/files/commit.go
index 99343974a2aec..4e391ff343a37 100644
--- a/services/repository/files/commit.go
+++ b/services/repository/files/commit.go
@@ -8,7 +8,7 @@ import (
 	"fmt"
 
 	"code.gitea.io/gitea/models"
-	keys_model "code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
@@ -56,7 +56,7 @@ func CountDivergingCommits(repo *repo_model.Repository, branch string) (*git.Div
 // GetPayloadCommitVerification returns the verification information of a commit
 func GetPayloadCommitVerification(commit *git.Commit) *structs.PayloadCommitVerification {
 	verification := &structs.PayloadCommitVerification{}
-	commitVerification := keys_model.ParseCommitWithSignature(commit)
+	commitVerification := asymkey_model.ParseCommitWithSignature(commit)
 	if commit.Signature != nil {
 		verification.Signature = commit.Signature.Signature
 		verification.Payload = commit.Signature.Payload
diff --git a/services/repository/files/temp_repo.go b/services/repository/files/temp_repo.go
index 815aa2c69f977..52879dd3b05ea 100644
--- a/services/repository/files/temp_repo.go
+++ b/services/repository/files/temp_repo.go
@@ -20,6 +20,7 @@ import (
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/gitdiff"
 )
 
@@ -217,7 +218,7 @@ func (t *TemporaryUploadRepository) CommitTreeWithDate(author, committer *user_m
 
 	// Determine if we should sign
 	if git.CheckGitVersionAtLeast("1.7.9") == nil {
-		sign, keyID, signer, _ := models.SignCRUDAction(t.repo, author, t.basePath, "HEAD")
+		sign, keyID, signer, _ := asymkey_service.SignCRUDAction(t.repo.RepoPath(), author, t.basePath, "HEAD")
 		if sign {
 			args = append(args, "-S"+keyID)
 			if t.repo.GetTrustModel() == repo_model.CommitterTrustModel || t.repo.GetTrustModel() == repo_model.CollaboratorCommitterTrustModel {
diff --git a/services/repository/files/update.go b/services/repository/files/update.go
index 9a069acbfcbb3..4bafa62cc11cb 100644
--- a/services/repository/files/update.go
+++ b/services/repository/files/update.go
@@ -21,6 +21,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	repo_service "code.gitea.io/gitea/services/repository"
 
 	stdcharset "golang.org/x/net/html/charset"
@@ -458,9 +459,9 @@ func VerifyBranchProtection(repo *repo_model.Repository, doer *user_model.User,
 			}
 		}
 		if protectedBranch.RequireSignedCommits {
-			_, _, _, err := models.SignCRUDAction(repo, doer, repo.RepoPath(), branchName)
+			_, _, _, err := asymkey_service.SignCRUDAction(repo.RepoPath(), doer, repo.RepoPath(), branchName)
 			if err != nil {
-				if !models.IsErrWontSign(err) {
+				if !asymkey_service.IsErrWontSign(err) {
 					return err
 				}
 				return models.ErrUserCannotCommit{
diff --git a/services/user/user.go b/services/user/user.go
index 7b6681e32934f..21f1a74f62f62 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -14,8 +14,8 @@ import (
 
 	"code.gitea.io/gitea/models"
 	admin_model "code.gitea.io/gitea/models/admin"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	keys_model "code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/avatar"
@@ -66,10 +66,10 @@ func DeleteUser(u *user_model.User) error {
 	}
 	committer.Close()
 
-	if err = keys_model.RewriteAllPublicKeys(); err != nil {
+	if err = asymkey_model.RewriteAllPublicKeys(); err != nil {
 		return err
 	}
-	if err = keys_model.RewriteAllPrincipalKeys(); err != nil {
+	if err = asymkey_model.RewriteAllPrincipalKeys(); err != nil {
 		return err
 	}
 
diff --git a/services/wiki/wiki.go b/services/wiki/wiki.go
index 18e9b26d81e61..aa683dd44fa23 100644
--- a/services/wiki/wiki.go
+++ b/services/wiki/wiki.go
@@ -22,6 +22,7 @@ import (
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/sync"
 	"code.gitea.io/gitea/modules/util"
+	asymkey_service "code.gitea.io/gitea/services/asymkey"
 )
 
 var (
@@ -225,7 +226,7 @@ func updateWikiPage(doer *user_model.User, repo *repo_model.Repository, oldWikiN
 
 	committer := doer.NewGitSig()
 
-	sign, signingKey, signer, _ := models.SignWikiCommit(repo, doer)
+	sign, signingKey, signer, _ := asymkey_service.SignWikiCommit(repo.WikiPath(), doer)
 	if sign {
 		commitTreeOpts.KeyID = signingKey
 		if repo.GetTrustModel() == repo_model.CommitterTrustModel || repo.GetTrustModel() == repo_model.CollaboratorCommitterTrustModel {
@@ -343,7 +344,7 @@ func DeleteWikiPage(doer *user_model.User, repo *repo_model.Repository, wikiName
 
 	committer := doer.NewGitSig()
 
-	sign, signingKey, signer, _ := models.SignWikiCommit(repo, doer)
+	sign, signingKey, signer, _ := asymkey_service.SignWikiCommit(repo.WikiPath(), doer)
 	if sign {
 		commitTreeOpts.KeyID = signingKey
 		if repo.GetTrustModel() == repo_model.CommitterTrustModel || repo.GetTrustModel() == repo_model.CollaboratorCommitterTrustModel {

From a72c07283427bf718dd5bfec6cb3869ffd01e324 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 6 Dec 2021 16:04:54 +0800
Subject: [PATCH 3/9] change the missed package name

---
 models/asymkey/error.go                         | 2 +-
 models/asymkey/gpg_key.go                       | 2 +-
 models/asymkey/gpg_key_add.go                   | 2 +-
 models/asymkey/gpg_key_commit_verification.go   | 2 +-
 models/asymkey/gpg_key_common.go                | 2 +-
 models/asymkey/gpg_key_import.go                | 2 +-
 models/asymkey/gpg_key_test.go                  | 2 +-
 models/asymkey/gpg_key_verify.go                | 2 +-
 models/asymkey/ssh_key.go                       | 2 +-
 models/asymkey/ssh_key_authorized_keys.go       | 2 +-
 models/asymkey/ssh_key_authorized_principals.go | 2 +-
 models/asymkey/ssh_key_deploy.go                | 2 +-
 models/asymkey/ssh_key_fingerprint.go           | 2 +-
 models/asymkey/ssh_key_parse.go                 | 2 +-
 models/asymkey/ssh_key_principals.go            | 2 +-
 models/asymkey/ssh_key_test.go                  | 2 +-
 16 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/models/asymkey/error.go b/models/asymkey/error.go
index 5755ecc22688d..7add553bd61c4 100644
--- a/models/asymkey/error.go
+++ b/models/asymkey/error.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import "fmt"
 
diff --git a/models/asymkey/gpg_key.go b/models/asymkey/gpg_key.go
index ac5929933e6f1..ced6ca37a3962 100644
--- a/models/asymkey/gpg_key.go
+++ b/models/asymkey/gpg_key.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"context"
diff --git a/models/asymkey/gpg_key_add.go b/models/asymkey/gpg_key_add.go
index ac449fab9d03e..8f84bba1df7ef 100644
--- a/models/asymkey/gpg_key_add.go
+++ b/models/asymkey/gpg_key_add.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"strings"
diff --git a/models/asymkey/gpg_key_commit_verification.go b/models/asymkey/gpg_key_commit_verification.go
index 6ea0433e99c8d..58f75ba373f04 100644
--- a/models/asymkey/gpg_key_commit_verification.go
+++ b/models/asymkey/gpg_key_commit_verification.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"fmt"
diff --git a/models/asymkey/gpg_key_common.go b/models/asymkey/gpg_key_common.go
index 58d9ea8791e62..1ea510c45fef0 100644
--- a/models/asymkey/gpg_key_common.go
+++ b/models/asymkey/gpg_key_common.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"bytes"
diff --git a/models/asymkey/gpg_key_import.go b/models/asymkey/gpg_key_import.go
index 6bc31d3228a78..210c4b835b3ba 100644
--- a/models/asymkey/gpg_key_import.go
+++ b/models/asymkey/gpg_key_import.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import "code.gitea.io/gitea/models/db"
 
diff --git a/models/asymkey/gpg_key_test.go b/models/asymkey/gpg_key_test.go
index 9c3bdb6374763..07bb77bdf468a 100644
--- a/models/asymkey/gpg_key_test.go
+++ b/models/asymkey/gpg_key_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"testing"
diff --git a/models/asymkey/gpg_key_verify.go b/models/asymkey/gpg_key_verify.go
index a648bc85364d7..152765cc3aeb7 100644
--- a/models/asymkey/gpg_key_verify.go
+++ b/models/asymkey/gpg_key_verify.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"strconv"
diff --git a/models/asymkey/ssh_key.go b/models/asymkey/ssh_key.go
index 8a2ab6fbbb58a..cc636632211c6 100644
--- a/models/asymkey/ssh_key.go
+++ b/models/asymkey/ssh_key.go
@@ -3,7 +3,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"context"
diff --git a/models/asymkey/ssh_key_authorized_keys.go b/models/asymkey/ssh_key_authorized_keys.go
index ef4ca44663915..dd058f5d11982 100644
--- a/models/asymkey/ssh_key_authorized_keys.go
+++ b/models/asymkey/ssh_key_authorized_keys.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"bufio"
diff --git a/models/asymkey/ssh_key_authorized_principals.go b/models/asymkey/ssh_key_authorized_principals.go
index b4fd4684a88a5..a8c48c50aac99 100644
--- a/models/asymkey/ssh_key_authorized_principals.go
+++ b/models/asymkey/ssh_key_authorized_principals.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"bufio"
diff --git a/models/asymkey/ssh_key_deploy.go b/models/asymkey/ssh_key_deploy.go
index 48b848b71db4d..0bdd725ab5ef1 100644
--- a/models/asymkey/ssh_key_deploy.go
+++ b/models/asymkey/ssh_key_deploy.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"context"
diff --git a/models/asymkey/ssh_key_fingerprint.go b/models/asymkey/ssh_key_fingerprint.go
index a912b1d103556..437f283bfa499 100644
--- a/models/asymkey/ssh_key_fingerprint.go
+++ b/models/asymkey/ssh_key_fingerprint.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"errors"
diff --git a/models/asymkey/ssh_key_parse.go b/models/asymkey/ssh_key_parse.go
index e9783a3b51fd9..734bd4ccab99a 100644
--- a/models/asymkey/ssh_key_parse.go
+++ b/models/asymkey/ssh_key_parse.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"crypto/rsa"
diff --git a/models/asymkey/ssh_key_principals.go b/models/asymkey/ssh_key_principals.go
index d8674a6a72fc2..19fc6644cba73 100644
--- a/models/asymkey/ssh_key_principals.go
+++ b/models/asymkey/ssh_key_principals.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"errors"
diff --git a/models/asymkey/ssh_key_test.go b/models/asymkey/ssh_key_test.go
index c00dcab4f1738..8b1808568808c 100644
--- a/models/asymkey/ssh_key_test.go
+++ b/models/asymkey/ssh_key_test.go
@@ -3,7 +3,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package keys
+package asymkey
 
 import (
 	"strings"

From 04b15b2674a28739dccb896e22042eb0caa92683 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 6 Dec 2021 16:26:15 +0800
Subject: [PATCH 4/9] Fix package alias

---
 models/commit.go               |   4 +-
 models/commit_status.go        |   7 +-
 models/repo.go                 | 180 ++++-----------------------------
 services/asymkey/deploy_key.go |   4 +-
 4 files changed, 25 insertions(+), 170 deletions(-)

diff --git a/models/commit.go b/models/commit.go
index b8034d8230611..5df6964a1d06e 100644
--- a/models/commit.go
+++ b/models/commit.go
@@ -5,7 +5,7 @@
 package models
 
 import (
-	"code.gitea.io/gitea/models/keys"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
@@ -14,7 +14,7 @@ import (
 // ConvertFromGitCommit converts git commits into SignCommitWithStatuses
 func ConvertFromGitCommit(commits []*git.Commit, repo *repo_model.Repository) []*SignCommitWithStatuses {
 	return ParseCommitsWithStatus(
-		keys.ParseCommitsWithSignature(
+		asymkey_model.ParseCommitsWithSignature(
 			user_model.ValidateCommitsWithEmails(commits),
 			repo.GetTrustModel(),
 			func(user *user_model.User) (bool, error) {
diff --git a/models/commit_status.go b/models/commit_status.go
index 697f53be5954c..93b6f93f96404 100644
--- a/models/commit_status.go
+++ b/models/commit_status.go
@@ -12,9 +12,8 @@ import (
 	"strings"
 	"time"
 
-	keys "code.gitea.io/gitea/models/asymkey"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/keys"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
@@ -330,11 +329,11 @@ func NewCommitStatus(opts NewCommitStatusOptions) error {
 type SignCommitWithStatuses struct {
 	Status   *CommitStatus
 	Statuses []*CommitStatus
-	*keys.SignCommit
+	*asymkey_model.SignCommit
 }
 
 // ParseCommitsWithStatus checks commits latest statuses and calculates its worst status state
-func ParseCommitsWithStatus(oldCommits []*keys.SignCommit, repo *repo_model.Repository) []*SignCommitWithStatuses {
+func ParseCommitsWithStatus(oldCommits []*asymkey_model.SignCommit, repo *repo_model.Repository) []*SignCommitWithStatuses {
 	newCommits := make([]*SignCommitWithStatuses, 0, len(oldCommits))
 
 	for _, c := range oldCommits {
diff --git a/models/repo.go b/models/repo.go
index 351e908c96f9d..a2d5d27ffe97f 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -20,7 +20,7 @@ import (
 	_ "image/jpeg" // Needed for jpeg support
 
 	admin_model "code.gitea.io/gitea/models/admin"
-	keys "code.gitea.io/gitea/models/asymkey"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -127,157 +127,9 @@ func NewRepoContext() {
 	admin_model.RemoveAllWithNotice(db.DefaultContext, "Clean up repository temporary data", filepath.Join(setting.AppDataPath, "tmp"))
 }
 
-<<<<<<< HEAD
 // CheckRepoUnitUser check whether user could visit the unit of this repository
 func CheckRepoUnitUser(repo *repo_model.Repository, user *user_model.User, unitType unit.Type) bool {
 	return checkRepoUnitUser(db.DefaultContext, repo, user, unitType)
-=======
-// RepositoryStatus defines the status of repository
-type RepositoryStatus int
-
-// all kinds of RepositoryStatus
-const (
-	RepositoryReady           RepositoryStatus = iota // a normal repository
-	RepositoryBeingMigrated                           // repository is migrating
-	RepositoryPendingTransfer                         // repository pending in ownership transfer state
-	RepositoryBroken                                  // repository is in a permanently broken state
-)
-
-// Repository represents a git repository.
-type Repository struct {
-	ID                  int64 `xorm:"pk autoincr"`
-	OwnerID             int64 `xorm:"UNIQUE(s) index"`
-	OwnerName           string
-	Owner               *user_model.User   `xorm:"-"`
-	LowerName           string             `xorm:"UNIQUE(s) INDEX NOT NULL"`
-	Name                string             `xorm:"INDEX NOT NULL"`
-	Description         string             `xorm:"TEXT"`
-	Website             string             `xorm:"VARCHAR(2048)"`
-	OriginalServiceType api.GitServiceType `xorm:"index"`
-	OriginalURL         string             `xorm:"VARCHAR(2048)"`
-	DefaultBranch       string
-
-	NumWatches          int
-	NumStars            int
-	NumForks            int
-	NumIssues           int
-	NumClosedIssues     int
-	NumOpenIssues       int `xorm:"-"`
-	NumPulls            int
-	NumClosedPulls      int
-	NumOpenPulls        int `xorm:"-"`
-	NumMilestones       int `xorm:"NOT NULL DEFAULT 0"`
-	NumClosedMilestones int `xorm:"NOT NULL DEFAULT 0"`
-	NumOpenMilestones   int `xorm:"-"`
-	NumProjects         int `xorm:"NOT NULL DEFAULT 0"`
-	NumClosedProjects   int `xorm:"NOT NULL DEFAULT 0"`
-	NumOpenProjects     int `xorm:"-"`
-
-	IsPrivate   bool `xorm:"INDEX"`
-	IsEmpty     bool `xorm:"INDEX"`
-	IsArchived  bool `xorm:"INDEX"`
-	IsMirror    bool `xorm:"INDEX"`
-	*Mirror     `xorm:"-"`
-	PushMirrors []*PushMirror    `xorm:"-"`
-	Status      RepositoryStatus `xorm:"NOT NULL DEFAULT 0"`
-
-	RenderingMetas         map[string]string `xorm:"-"`
-	DocumentRenderingMetas map[string]string `xorm:"-"`
-	Units                  []*RepoUnit       `xorm:"-"`
-	PrimaryLanguage        *LanguageStat     `xorm:"-"`
-
-	IsFork                          bool               `xorm:"INDEX NOT NULL DEFAULT false"`
-	ForkID                          int64              `xorm:"INDEX"`
-	BaseRepo                        *Repository        `xorm:"-"`
-	IsTemplate                      bool               `xorm:"INDEX NOT NULL DEFAULT false"`
-	TemplateID                      int64              `xorm:"INDEX"`
-	TemplateRepo                    *Repository        `xorm:"-"`
-	Size                            int64              `xorm:"NOT NULL DEFAULT 0"`
-	CodeIndexerStatus               *RepoIndexerStatus `xorm:"-"`
-	StatsIndexerStatus              *RepoIndexerStatus `xorm:"-"`
-	IsFsckEnabled                   bool               `xorm:"NOT NULL DEFAULT true"`
-	CloseIssuesViaCommitInAnyBranch bool               `xorm:"NOT NULL DEFAULT false"`
-	Topics                          []string           `xorm:"TEXT JSON"`
-
-	TrustModel keys.TrustModelType
-
-	// Avatar: ID(10-20)-md5(32) - must fit into 64 symbols
-	Avatar string `xorm:"VARCHAR(64)"`
-
-	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
-	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
-}
-
-func init() {
-	db.RegisterModel(new(Repository))
-}
-
-// SanitizedOriginalURL returns a sanitized OriginalURL
-func (repo *Repository) SanitizedOriginalURL() string {
-	if repo.OriginalURL == "" {
-		return ""
-	}
-	u, err := url.Parse(repo.OriginalURL)
-	if err != nil {
-		return ""
-	}
-	u.User = nil
-	return u.String()
-}
-
-// ColorFormat returns a colored string to represent this repo
-func (repo *Repository) ColorFormat(s fmt.State) {
-	log.ColorFprintf(s, "%d:%s/%s",
-		log.NewColoredIDValue(repo.ID),
-		repo.OwnerName,
-		repo.Name)
-}
-
-// IsBeingMigrated indicates that repository is being migrated
-func (repo *Repository) IsBeingMigrated() bool {
-	return repo.Status == RepositoryBeingMigrated
-}
-
-// IsBeingCreated indicates that repository is being migrated or forked
-func (repo *Repository) IsBeingCreated() bool {
-	return repo.IsBeingMigrated()
-}
-
-// IsBroken indicates that repository is broken
-func (repo *Repository) IsBroken() bool {
-	return repo.Status == RepositoryBroken
-}
-
-// AfterLoad is invoked from XORM after setting the values of all fields of this object.
-func (repo *Repository) AfterLoad() {
-	// FIXME: use models migration to solve all at once.
-	if len(repo.DefaultBranch) == 0 {
-		repo.DefaultBranch = setting.Repository.DefaultBranch
-	}
-
-	repo.NumOpenIssues = repo.NumIssues - repo.NumClosedIssues
-	repo.NumOpenPulls = repo.NumPulls - repo.NumClosedPulls
-	repo.NumOpenMilestones = repo.NumMilestones - repo.NumClosedMilestones
-	repo.NumOpenProjects = repo.NumProjects - repo.NumClosedProjects
-}
-
-// MustOwner always returns a valid *user_model.User object to avoid
-// conceptually impossible error handling.
-// It creates a fake object that contains error details
-// when error occurs.
-func (repo *Repository) MustOwner() *user_model.User {
-	return repo.mustOwner(db.GetEngine(db.DefaultContext))
-}
-
-// FullName returns the repository full name
-func (repo *Repository) FullName() string {
-	return repo.OwnerName + "/" + repo.Name
-}
-
-// HTMLURL returns the repository HTML URL
-func (repo *Repository) HTMLURL() string {
-	return setting.AppURL + url.PathEscape(repo.OwnerName) + "/" + url.PathEscape(repo.Name)
->>>>>>> 3db02666b (Move keys to models/keys)
 }
 
 func checkRepoUnitUser(ctx context.Context, repo *repo_model.Repository, user *user_model.User, unitType unit.Type) bool {
@@ -569,8 +421,12 @@ type CreateRepoOptions struct {
 	TrustModel     repo_model.TrustModelType
 =======
 	Status         RepositoryStatus
+<<<<<<< HEAD
 	TrustModel     keys.TrustModelType
 >>>>>>> 3db02666b (Move keys to models/keys)
+=======
+	TrustModel     asymkey_model.TrustModelType
+>>>>>>> 98e1e13cc (Fix package alias)
 	MirrorInterval string
 }
 
@@ -1010,7 +866,7 @@ func DeleteRepository(doer *user_model.User, uid, repoID int64) error {
 	}
 
 	// Delete Deploy Keys
-	deployKeys, err := keys.ListDeployKeys(ctx, &keys.ListDeployKeysOptions{RepoID: repoID})
+	deployKeys, err := asymkey_model.ListDeployKeys(ctx, &asymkey_model.ListDeployKeysOptions{RepoID: repoID})
 	if err != nil {
 		return fmt.Errorf("listDeployKeys: %v", err)
 	}
@@ -1209,7 +1065,7 @@ func DeleteRepository(doer *user_model.User, uid, repoID int64) error {
 	committer.Close()
 
 	if needRewriteKeysFile {
-		if err := keys.RewriteAllPublicKeys(); err != nil {
+		if err := asymkey_model.RewriteAllPublicKeys(); err != nil {
 			log.Error("RewriteAllPublicKeys failed: %v", err)
 		}
 	}
@@ -1491,12 +1347,12 @@ func UpdateRepositoryCols(repo *repo_model.Repository, cols ...string) error {
 <<<<<<< HEAD
 =======
 // GetTrustModel will get the TrustModel for the repo or the default trust model
-func (repo *Repository) GetTrustModel() keys.TrustModelType {
+func (repo *Repository) GetTrustModel() asymkey_model.TrustModelType {
 	trustModel := repo.TrustModel
-	if trustModel == keys.DefaultTrustModel {
-		trustModel = keys.ToTrustModel(setting.Repository.Signing.DefaultTrustModel)
-		if trustModel == keys.DefaultTrustModel {
-			return keys.CollaboratorTrustModel
+	if trustModel == asymkey_model.DefaultTrustModel {
+		trustModel = asymkey_model.ToTrustModel(setting.Repository.Signing.DefaultTrustModel)
+		if trustModel == asymkey_model.DefaultTrustModel {
+			return asymkey_model.CollaboratorTrustModel
 		}
 	}
 	return trustModel
@@ -1590,9 +1446,9 @@ func LinkedRepository(a *repo_model.Attachment) (*repo_model.Repository, unit.Ty
 
 // DeleteDeployKey delete deploy keys
 func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error {
-	key, err := keys.GetDeployKeyByID(ctx, id)
+	key, err := asymkey_model.GetDeployKeyByID(ctx, id)
 	if err != nil {
-		if keys.IsErrDeployKeyNotExist(err) {
+		if asymkey_model.IsErrDeployKeyNotExist(err) {
 			return nil
 		}
 		return fmt.Errorf("GetDeployKeyByID: %v", err)
@@ -1610,7 +1466,7 @@ func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error
 		if err != nil {
 			return fmt.Errorf("GetUserRepoPermission: %v", err)
 		} else if !has {
-			return keys.ErrKeyAccessDenied{
+			return asymkey_model.ErrKeyAccessDenied{
 				UserID: doer.ID,
 				KeyID:  key.ID,
 				Note:   "deploy",
@@ -1618,18 +1474,18 @@ func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error
 		}
 	}
 
-	if _, err = sess.ID(key.ID).Delete(new(keys.DeployKey)); err != nil {
+	if _, err = sess.ID(key.ID).Delete(new(asymkey_model.DeployKey)); err != nil {
 		return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)
 	}
 
 	// Check if this is the last reference to same key content.
 	has, err := sess.
 		Where("key_id = ?", key.KeyID).
-		Get(new(keys.DeployKey))
+		Get(new(asymkey_model.DeployKey))
 	if err != nil {
 		return err
 	} else if !has {
-		if err = keys.DeletePublicKeys(ctx, key.KeyID); err != nil {
+		if err = asymkey_model.DeletePublicKeys(ctx, key.KeyID); err != nil {
 			return err
 		}
 	}
diff --git a/services/asymkey/deploy_key.go b/services/asymkey/deploy_key.go
index 54ed1ad3346cc..aa0925ab13392 100644
--- a/services/asymkey/deploy_key.go
+++ b/services/asymkey/deploy_key.go
@@ -6,7 +6,7 @@ package asymkey
 
 import (
 	"code.gitea.io/gitea/models"
-	keys "code.gitea.io/gitea/models/asymkey"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	user_model "code.gitea.io/gitea/models/user"
 )
@@ -26,5 +26,5 @@ func DeleteDeployKey(doer *user_model.User, id int64) error {
 		return err
 	}
 
-	return keys.RewriteAllPublicKeys()
+	return asymkey_model.RewriteAllPublicKeys()
 }

From 0362d20633dd33442ca1f975d4929db8fc02846c Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 6 Dec 2021 16:42:12 +0800
Subject: [PATCH 5/9] Fix test

---
 models/asymkey/main_test.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/models/asymkey/main_test.go b/models/asymkey/main_test.go
index f19895616c900..02862bf895a12 100644
--- a/models/asymkey/main_test.go
+++ b/models/asymkey/main_test.go
@@ -16,5 +16,8 @@ func TestMain(m *testing.M) {
 		"gpg_key.yml",
 		"public_key.yml",
 		"deploy_key.yml",
+		"gpg_key_import.yml",
+		"user.yml",
+		"email_address.yml",
 	)
 }

From 90c10d4cbcc05fc7c3fb1b0afc720c815d9857f2 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Mon, 6 Dec 2021 19:25:58 +0800
Subject: [PATCH 6/9] Fix docs

---
 docs/content/doc/advanced/config-cheat-sheet.en-us.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index 786dbc8066a36..e2a2687fa9d68 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -277,7 +277,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** or **username, email**: \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set.
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
-- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `asymkey_model.PublicKey` and the others are strings which are shellquoted.
+- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
 - `SSH_SERVER_CIPHERS`: **aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_KEY_EXCHANGES`: **diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect

From 5f87b62bdea7fb8ecfc93656ebb9f8415df55346 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 8 Dec 2021 15:55:21 +0800
Subject: [PATCH 7/9] Fix test

---
 models/asymkey/ssh_key_test.go | 5 -----
 models/unittest/testdb.go      | 3 +++
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/models/asymkey/ssh_key_test.go b/models/asymkey/ssh_key_test.go
index 8b1808568808c..62c07c6035973 100644
--- a/models/asymkey/ssh_key_test.go
+++ b/models/asymkey/ssh_key_test.go
@@ -14,11 +14,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func init() {
-	setting.SetCustomPathAndConf("", "", "")
-	setting.LoadForTest()
-}
-
 func Test_SSHParsePublicKey(t *testing.T) {
 	testCases := []struct {
 		name          string
diff --git a/models/unittest/testdb.go b/models/unittest/testdb.go
index 94c93755e0bd6..b8cb6937b8295 100644
--- a/models/unittest/testdb.go
+++ b/models/unittest/testdb.go
@@ -42,6 +42,9 @@ func fatalTestError(fmtStr string, args ...interface{}) {
 // MainTest a reusable TestMain(..) function for unit tests that need to use a
 // test database. Creates the test database, and sets necessary settings.
 func MainTest(m *testing.M, pathToGiteaRoot string, fixtureFiles ...string) {
+	setting.SetCustomPathAndConf("", "", "")
+	setting.LoadForTest()
+
 	var err error
 
 	giteaRoot = pathToGiteaRoot

From 9fb3d241287033b03b7c005876c5c3f2b0418feb Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Wed, 8 Dec 2021 21:33:22 +0800
Subject: [PATCH 8/9] Fix test

---
 models/asymkey/main_test.go | 6 ++++++
 models/main_test.go         | 6 ++++++
 models/unittest/testdb.go   | 3 ---
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/models/asymkey/main_test.go b/models/asymkey/main_test.go
index 02862bf895a12..1c4f7752e2f18 100644
--- a/models/asymkey/main_test.go
+++ b/models/asymkey/main_test.go
@@ -9,8 +9,14 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/setting"
 )
 
+func init() {
+	setting.SetCustomPathAndConf("", "", "")
+	setting.LoadForTest()
+}
+
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, filepath.Join("..", ".."),
 		"gpg_key.yml",
diff --git a/models/main_test.go b/models/main_test.go
index 20107eab1e147..8d5291a8aa0e7 100644
--- a/models/main_test.go
+++ b/models/main_test.go
@@ -10,10 +10,16 @@ import (
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/stretchr/testify/assert"
 )
 
+func init() {
+	setting.SetCustomPathAndConf("", "", "")
+	setting.LoadForTest()
+}
+
 // TestFixturesAreConsistent assert that test fixtures are consistent
 func TestFixturesAreConsistent(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
diff --git a/models/unittest/testdb.go b/models/unittest/testdb.go
index b8cb6937b8295..94c93755e0bd6 100644
--- a/models/unittest/testdb.go
+++ b/models/unittest/testdb.go
@@ -42,9 +42,6 @@ func fatalTestError(fmtStr string, args ...interface{}) {
 // MainTest a reusable TestMain(..) function for unit tests that need to use a
 // test database. Creates the test database, and sets necessary settings.
 func MainTest(m *testing.M, pathToGiteaRoot string, fixtureFiles ...string) {
-	setting.SetCustomPathAndConf("", "", "")
-	setting.LoadForTest()
-
 	var err error
 
 	giteaRoot = pathToGiteaRoot

From 8d36702250c62179d3a96ed877585a4cc1ffb500 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Fri, 10 Dec 2021 11:12:55 +0800
Subject: [PATCH 9/9] merge

---
 cmd/migrate_storage.go                        |  2 +-
 models/asymkey/gpg_key_commit_verification.go | 45 +------------
 models/asymkey/ssh_key_deploy.go              | 64 -------------------
 models/repo.go                                | 30 +--------
 models/statistic.go                           | 11 +---
 routers/api/v1/repo/key.go                    | 11 +---
 routers/api/v1/repo/repo.go                   |  9 ---
 routers/web/repo/repo.go                      |  9 ---
 routers/web/repo/setting.go                   |  9 ---
 services/repository/archiver/archiver.go      |  3 +-
 services/repository/repository.go             |  6 +-
 11 files changed, 8 insertions(+), 191 deletions(-)

diff --git a/cmd/migrate_storage.go b/cmd/migrate_storage.go
index f9770d50e74c8..fb4b8dcd9a3be 100644
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -102,7 +102,7 @@ func migrateAvatars(dstStorage storage.ObjectStorage) error {
 }
 
 func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
-	return repo_model.IterateRepository(func(repo *repo_model.Repository) error {
+	return models.IterateRepository(func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
diff --git a/models/asymkey/gpg_key_commit_verification.go b/models/asymkey/gpg_key_commit_verification.go
index 58f75ba373f04..5ec4e335d506c 100644
--- a/models/asymkey/gpg_key_commit_verification.go
+++ b/models/asymkey/gpg_key_commit_verification.go
@@ -70,7 +70,7 @@ const (
 )
 
 // ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.
-func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel TrustModelType, isCodeReader func(*user_model.User) (bool, error)) []*SignCommit {
+func ParseCommitsWithSignature(oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error)) []*SignCommit {
 	newCommits := make([]*SignCommit, 0, len(oldCommits))
 	keyMap := map[string]bool{}
 
@@ -447,50 +447,9 @@ func hashAndVerifyForKeyID(sig *packet.Signature, payload string, committer *use
 	}
 }
 
-// TrustModelType defines the types of trust model for this repository
-type TrustModelType int
-
-// kinds of TrustModel
-const (
-	DefaultTrustModel TrustModelType = iota // default trust model
-	CommitterTrustModel
-	CollaboratorTrustModel
-	CollaboratorCommitterTrustModel
-)
-
-// String converts a TrustModelType to a string
-func (t TrustModelType) String() string {
-	switch t {
-	case DefaultTrustModel:
-		return "default"
-	case CommitterTrustModel:
-		return "committer"
-	case CollaboratorTrustModel:
-		return "collaborator"
-	case CollaboratorCommitterTrustModel:
-		return "collaboratorcommitter"
-	}
-	return "default"
-}
-
-// ToTrustModel converts a string to a TrustModelType
-func ToTrustModel(model string) TrustModelType {
-	switch strings.ToLower(strings.TrimSpace(model)) {
-	case "default":
-		return DefaultTrustModel
-	case "collaborator":
-		return CollaboratorTrustModel
-	case "committer":
-		return CommitterTrustModel
-	case "collaboratorcommitter":
-		return CollaboratorCommitterTrustModel
-	}
-	return DefaultTrustModel
-}
-
 // CalculateTrustStatus will calculate the TrustStatus for a commit verification within a repository
 // There are several trust models in Gitea
-func CalculateTrustStatus(verification *CommitVerification, repoTrustModel TrustModelType, isCodeReader func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error) {
+func CalculateTrustStatus(verification *CommitVerification, repoTrustModel repo_model.TrustModelType, isCodeReader func(*user_model.User) (bool, error), keyMap *map[string]bool) (err error) {
 	if !verification.Verified {
 		return
 	}
diff --git a/models/asymkey/ssh_key_deploy.go b/models/asymkey/ssh_key_deploy.go
index 0bdd725ab5ef1..fc6324792a662 100644
--- a/models/asymkey/ssh_key_deploy.go
+++ b/models/asymkey/ssh_key_deploy.go
@@ -11,8 +11,6 @@ import (
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
-	repo_model "code.gitea.io/gitea/models/repo"
-	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/timeutil"
 
 	"xorm.io/builder"
@@ -211,68 +209,6 @@ func UpdateDeployKey(key *DeployKey) error {
 	return err
 }
 
-// DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
-func DeleteDeployKey(doer *user_model.User, id int64) error {
-	ctx, committer, err := db.TxContext()
-	if err != nil {
-		return err
-	}
-	defer committer.Close()
-
-	if err := deleteDeployKey(ctx, doer, id); err != nil {
-		return err
-	}
-	return committer.Commit()
-}
-
-func deleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error {
-	sess := db.GetEngine(ctx)
-	key, err := getDeployKeyByID(sess, id)
-	if err != nil {
-		if IsErrDeployKeyNotExist(err) {
-			return nil
-		}
-		return fmt.Errorf("GetDeployKeyByID: %v", err)
-	}
-
-	// Check if user has access to delete this key.
-	if !doer.IsAdmin {
-		repo, err := repo_model.GetRepositoryByIDCtx(ctx, key.RepoID)
-		if err != nil {
-			return fmt.Errorf("repo_model.GetRepositoryByID: %v", err)
-		}
-		has, err := isUserRepoAdmin(sess, repo, doer)
-		if err != nil {
-			return fmt.Errorf("GetUserRepoPermission: %v", err)
-		} else if !has {
-			return ErrKeyAccessDenied{doer.ID, key.ID, "deploy"}
-		}
-	}
-
-	if _, err = sess.ID(key.ID).Delete(new(DeployKey)); err != nil {
-		return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)
-	}
-
-	// Check if this is the last reference to same key content.
-	has, err := sess.
-		Where("key_id = ?", key.KeyID).
-		Get(new(DeployKey))
-	if err != nil {
-		return err
-	} else if !has {
-		if err = deletePublicKeys(sess, key.KeyID); err != nil {
-			return err
-		}
-
-		// after deleted the public keys, should rewrite the public keys file
-		if err = rewriteAllPublicKeys(sess); err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
 // ListDeployKeysOptions are options for ListDeployKeys
 type ListDeployKeysOptions struct {
 	db.ListOptions
diff --git a/models/repo.go b/models/repo.go
index a2d5d27ffe97f..adc62c95284ed 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -416,17 +416,8 @@ type CreateRepoOptions struct {
 	IsMirror       bool
 	IsTemplate     bool
 	AutoInit       bool
-<<<<<<< HEAD
 	Status         repo_model.RepositoryStatus
 	TrustModel     repo_model.TrustModelType
-=======
-	Status         RepositoryStatus
-<<<<<<< HEAD
-	TrustModel     keys.TrustModelType
->>>>>>> 3db02666b (Move keys to models/keys)
-=======
-	TrustModel     asymkey_model.TrustModelType
->>>>>>> 98e1e13cc (Fix package alias)
 	MirrorInterval string
 }
 
@@ -872,11 +863,7 @@ func DeleteRepository(doer *user_model.User, uid, repoID int64) error {
 	}
 	var needRewriteKeysFile = len(deployKeys) > 0
 	for _, dKey := range deployKeys {
-<<<<<<< HEAD
-		if err := deleteDeployKey(ctx, doer, dKey.ID); err != nil {
-=======
 		if err := DeleteDeployKey(ctx, doer, dKey.ID); err != nil {
->>>>>>> 3db02666b (Move keys to models/keys)
 			return fmt.Errorf("deleteDeployKeys: %v", err)
 		}
 	}
@@ -1344,21 +1331,6 @@ func UpdateRepositoryCols(repo *repo_model.Repository, cols ...string) error {
 	return updateRepositoryCols(db.GetEngine(db.DefaultContext), repo, cols...)
 }
 
-<<<<<<< HEAD
-=======
-// GetTrustModel will get the TrustModel for the repo or the default trust model
-func (repo *Repository) GetTrustModel() asymkey_model.TrustModelType {
-	trustModel := repo.TrustModel
-	if trustModel == asymkey_model.DefaultTrustModel {
-		trustModel = asymkey_model.ToTrustModel(setting.Repository.Signing.DefaultTrustModel)
-		if trustModel == asymkey_model.DefaultTrustModel {
-			return asymkey_model.CollaboratorTrustModel
-		}
-	}
-	return trustModel
-}
-
->>>>>>> 3db02666b (Move keys to models/keys)
 func updateUserStarNumbers(users []user_model.User) error {
 	ctx, committer, err := db.TxContext()
 	if err != nil {
@@ -1458,7 +1430,7 @@ func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error
 
 	// Check if user has access to delete this key.
 	if !doer.IsAdmin {
-		repo, err := getRepositoryByID(sess, key.RepoID)
+		repo, err := repo_model.GetRepositoryByIDCtx(ctx, key.RepoID)
 		if err != nil {
 			return fmt.Errorf("GetRepositoryByID: %v", err)
 		}
diff --git a/models/statistic.go b/models/statistic.go
index f15168597224f..175815081f6fb 100644
--- a/models/statistic.go
+++ b/models/statistic.go
@@ -48,17 +48,8 @@ func GetStatistic() (stats Statistic) {
 	e := db.GetEngine(db.DefaultContext)
 	stats.Counter.User = user_model.CountUsers()
 	stats.Counter.Org = CountOrganizations()
-<<<<<<< HEAD
-<<<<<<< HEAD
-	stats.Counter.PublicKey, _ = e.Count(new(PublicKey))
-	stats.Counter.Repo = repo_model.CountRepositories(true)
-=======
-	stats.Counter.PublicKey, _ = e.Count(new(keys.PublicKey))
-=======
 	stats.Counter.PublicKey, _ = e.Count(new(asymkey_model.PublicKey))
->>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
-	stats.Counter.Repo = CountRepositories(true)
->>>>>>> 3db02666b (Move keys to models/keys)
+	stats.Counter.Repo = repo_model.CountRepositories(true)
 	stats.Counter.Watch, _ = e.Count(new(Watch))
 	stats.Counter.Star, _ = e.Count(new(Star))
 	stats.Counter.Action, _ = e.Count(new(Action))
diff --git a/routers/api/v1/repo/key.go b/routers/api/v1/repo/key.go
index 803a59c5f8636..669cc7c51cf80 100644
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@@ -10,7 +10,6 @@ import (
 	"net/http"
 	"net/url"
 
-	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
@@ -25,15 +24,7 @@ import (
 )
 
 // appendPrivateInformation appends the owner and key type information to api.PublicKey
-<<<<<<< HEAD
-<<<<<<< HEAD
-func appendPrivateInformation(apiKey *api.DeployKey, key *models.DeployKey, repository *repo_model.Repository) (*api.DeployKey, error) {
-=======
-func appendPrivateInformation(apiKey *api.DeployKey, key *keys_model.DeployKey, repository *models.Repository) (*api.DeployKey, error) {
->>>>>>> 3db02666b (Move keys to models/keys)
-=======
-func appendPrivateInformation(apiKey *api.DeployKey, key *asymkey_model.DeployKey, repository *models.Repository) (*api.DeployKey, error) {
->>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
+func appendPrivateInformation(apiKey *api.DeployKey, key *asymkey_model.DeployKey, repository *repo_model.Repository) (*api.DeployKey, error) {
 	apiKey.ReadOnly = key.Mode == perm.AccessModeRead
 	if repository.ID == key.RepoID {
 		apiKey.Repository = convert.ToRepo(repository, key.Mode)
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 26e9a4f39306a..62f9c372444b8 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -12,7 +12,6 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
@@ -258,15 +257,7 @@ func CreateUserRepo(ctx *context.APIContext, owner *user_model.User, opt api.Cre
 		IsPrivate:     opt.Private,
 		AutoInit:      opt.AutoInit,
 		DefaultBranch: opt.DefaultBranch,
-<<<<<<< HEAD
-<<<<<<< HEAD
 		TrustModel:    repo_model.ToTrustModel(opt.TrustModel),
-=======
-		TrustModel:    keys_model.ToTrustModel(opt.TrustModel),
->>>>>>> 3db02666b (Move keys to models/keys)
-=======
-		TrustModel:    asymkey_model.ToTrustModel(opt.TrustModel),
->>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
 		IsTemplate:    opt.Template,
 	})
 	if err != nil {
diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
index 23a2eabbf9232..b4bab5960b388 100644
--- a/routers/web/repo/repo.go
+++ b/routers/web/repo/repo.go
@@ -13,7 +13,6 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/models/unit"
@@ -262,15 +261,7 @@ func CreatePost(ctx *context.Context) {
 			DefaultBranch: form.DefaultBranch,
 			AutoInit:      form.AutoInit,
 			IsTemplate:    form.Template,
-<<<<<<< HEAD
-<<<<<<< HEAD
 			TrustModel:    repo_model.ToTrustModel(form.TrustModel),
-=======
-			TrustModel:    keys_model.ToTrustModel(form.TrustModel),
->>>>>>> 3db02666b (Move keys to models/keys)
-=======
-			TrustModel:    asymkey_model.ToTrustModel(form.TrustModel),
->>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
 		})
 		if err == nil {
 			log.Trace("Repository created [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
diff --git a/routers/web/repo/setting.go b/routers/web/repo/setting.go
index 131b09cfc6316..bb118a9035fb8 100644
--- a/routers/web/repo/setting.go
+++ b/routers/web/repo/setting.go
@@ -478,16 +478,7 @@ func SettingsPost(ctx *context.Context) {
 
 	case "signing":
 		changed := false
-
-<<<<<<< HEAD
-<<<<<<< HEAD
 		trustModel := repo_model.ToTrustModel(form.TrustModel)
-=======
-		trustModel := keys_model.ToTrustModel(form.TrustModel)
->>>>>>> 3db02666b (Move keys to models/keys)
-=======
-		trustModel := asymkey_model.ToTrustModel(form.TrustModel)
->>>>>>> c486d0ca6 (Rename models/keys -> models/asymkey)
 		if trustModel != repo.TrustModel {
 			repo.TrustModel = trustModel
 			changed = true
diff --git a/services/repository/archiver/archiver.go b/services/repository/archiver/archiver.go
index ea28084dbe93d..fb40c3383d444 100644
--- a/services/repository/archiver/archiver.go
+++ b/services/repository/archiver/archiver.go
@@ -14,7 +14,6 @@ import (
 	"strings"
 	"time"
 
-	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	"code.gitea.io/gitea/modules/git"
@@ -171,7 +170,7 @@ func doArchive(r *ArchiveRequest) (*repo_model.RepoArchiver, error) {
 		rd.Close()
 	}()
 	var done = make(chan error)
-	repo, err := models.GetRepositoryByID(archiver.RepoID)
+	repo, err := repo_model.GetRepositoryByID(archiver.RepoID)
 	if err != nil {
 		return nil, fmt.Errorf("archiver.LoadRepo failed: %v", err)
 	}
diff --git a/services/repository/repository.go b/services/repository/repository.go
index 3e116f8ae6648..17fab57e193ea 100644
--- a/services/repository/repository.go
+++ b/services/repository/repository.go
@@ -31,11 +31,7 @@ func CreateRepository(doer, owner *user_model.User, opts models.CreateRepoOption
 }
 
 // DeleteRepository deletes a repository for a user or organization.
-<<<<<<< HEAD
-func DeleteRepository(doer *user_model.User, repo *repo_model.Repository) error {
-=======
-func DeleteRepository(doer *user_model.User, repo *models.Repository, notify bool) error {
->>>>>>> 3db02666b (Move keys to models/keys)
+func DeleteRepository(doer *user_model.User, repo *repo_model.Repository, notify bool) error {
 	if err := pull_service.CloseRepoBranchesPulls(doer, repo); err != nil {
 		log.Error("CloseRepoBranchesPulls failed: %v", err)
 	}