#include "bintab.h"
#include "bbs.h"
+#include "des.h"
#include "dh.h"
#include "dsa.h"
#include "dsarand.h"
unsigned sz;
octet *p;
key_data *kd;
- int i;
if (!k->bits)
k->bits = 168;
sz = k->bits / 7;
p = sub_alloc(sz);
k->r->ops->fill(k->r, p, sz);
- for (i = 0; i < sz; i++) {
- octet x = p[i] | 0x01;
- x = x ^ (x >> 4);
- x = x ^ (x >> 2);
- x = x ^ (x >> 1);
- p[i] = (p[i] & 0xfe) | (x & 0x01);
- }
+ des_fixparity(p, p, sz);
kd = key_newbinary(KCAT_SYMM | KF_BURN, p, sz);
memset(p, 0, sz);
dolock(k, &kd, 0);
{ "expire", OPTF_ARGREQ, 0, 'e' },
{ "comment", OPTF_ARGREQ, 0, 'c' },
{ "tag", OPTF_ARGREQ, 0, 't' },
+ { "retag", 0, 0, 'r' },
{ "rand-id", OPTF_ARGREQ, 0, 'R' },
{ "key-id", OPTF_ARGREQ, 0, 'I' },
{ "curve", OPTF_ARGREQ, 0, 'C' },
} \
} while (0)
+ if ((k->e&KF_ENCMASK) == KENC_ENCRYPT && o->v <= 4)
+ { fputs(" encrypted\n", stdout); return; }
+ if ((k->e&KF_ENCMASK) != KENC_STRUCT && !(k->e&KF_NONSECRET) && o->v <= 3)
+ { fputs(" secret\n", stdout); return; }
+
switch (k->e & KF_ENCMASK) {
/* --- Binary key data --- *
* key. Otherwise just say that it's encrypted and move on.
*/
- case KENC_ENCRYPT:
- if (o->v <= 3)
- fputs(" encrypted\n", stdout);
+ case KENC_ENCRYPT: {
+ key_data *kd;
+ if (key_punlock(&kd, k, d->buf))
+ printf(" <failed to unlock %s>\n", d->buf);
else {
- key_data *kd;
- if (key_punlock(&kd, k, d->buf))
- printf(" <failed to unlock %s>\n", d->buf);
- else {
- fputs(" encrypted", stdout);
- showkeydata(kd, ind, o, d);
- key_drop(kd);
- }
+ fputs(" encrypted", stdout);
+ showkeydata(kd, ind, o, d);
+ key_drop(kd);
}
- break;
+ } break;
/* --- Integer keys --- *
*
argv += optind; argc -= optind;
if (rc) {
die(EXIT_FAILURE,
- "Usage: fingerprint [-a HASHALG] [-p STYLE] [-f FILTER] [TAG...]");
+ "Usage: fingerprint [-a HASH] [-p STYLE] [-f FILTER] [TAG...]");
}
doopen(&f, KOPEN_READ);
argv += optind; argc -= optind;
if (rc || argc != 2) {
die(EXIT_FAILURE,
- "Usage: verify [-a HASHALG] [-p STYLE] [-f FILTER] TAG FINGERPRINT");
+ "Usage: verify [-a HASH] [-p STYLE] [-f FILTER] TAG FINGERPRINT");
}
doopen(&f, KOPEN_READ);
-v, --verbose Show more information.\n\
" },
{ "fingerprint", cmd_finger,
- "fingerprint [-a HASHALG] [-p STYLE] [-f FILTER] [TAG...]", "\
+ "fingerprint [-a HASH] [-p STYLE] [-f FILTER] [TAG...]", "\
Options:\n\
\n\
-f, --filter=FILT Only hash key components matching FILT.\n\
{ "tidy", cmd_tidy, "tidy" },
{ "add", cmd_add,
"add [-OPTIONS] TYPE [ATTR...]\n\
- Options: [-lqrLKS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
+ Options: [-lqrLKS] [-a ALG] [-bB BITS] [-E PUBEXP] [-p PARAM] [-R TAG]\n\
[-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
[-e EXPIRE] [-t TAG] [-c COMMENT]", "\
Options:\n\
($ show keygen for list.)\n\
-b, --bits=N Generate an N-bit key.\n\
-B, --qbits=N Use an N-bit subgroup or factors.\n\
+-E, --public-exponent=E Use E as RSA public exponent (default 65537)\n\
-p, --parameters=TAG Get group parameters from TAG.\n\
-C, --curve=NAME Use elliptic curve or DH group NAME.\n\
($ show ec or $ show dh for list.)\n\
~mdw / catacomb / blobdiff