unsigned i, w;
LIST("Built-in prime fields", stdout, ptab[i].name, ptab[i].name);
exit(0);
unsigned i, w;
LIST("Built-in prime fields", stdout, ptab[i].name, ptab[i].name);
exit(0);
unsigned i, w;
LIST("Built-in binary fields", stdout,
bintab[i].name, bintab[i].name);
unsigned i, w;
LIST("Built-in binary fields", stdout,
bintab[i].name, bintab[i].name);
unsigned i, w;
LIST("Built-in elliptic curves", stdout,
ectab[i].name, ectab[i].name);
unsigned i, w;
LIST("Built-in elliptic curves", stdout,
ectab[i].name, ectab[i].name);
- _(ed25519, ED25519, "Ed25519")
+ _(ed25519, ED25519, "Ed25519") \
+ _(ed448, ED448, "Ed448")
{ "expire", OPTF_ARGREQ, 0, 'e' },
{ "comment", OPTF_ARGREQ, 0, 'c' },
{ "tag", OPTF_ARGREQ, 0, 't' },
{ "expire", OPTF_ARGREQ, 0, 'e' },
{ "comment", OPTF_ARGREQ, 0, 'c' },
{ "tag", OPTF_ARGREQ, 0, 't' },
{ "rand-id", OPTF_ARGREQ, 0, 'R' },
{ "key-id", OPTF_ARGREQ, 0, 'I' },
{ "curve", OPTF_ARGREQ, 0, 'C' },
{ "rand-id", OPTF_ARGREQ, 0, 'R' },
{ "key-id", OPTF_ARGREQ, 0, 'I' },
{ "curve", OPTF_ARGREQ, 0, 'C' },
for (a = algtab; a->name; a++)
printf("%-10s %s\n", a->name, a->help);
return (0);
for (a = algtab; a->name; a++)
printf("%-10s %s\n", a->name, a->help);
return (0);
if (seed) die(EXIT_FAILURE, "seed already set -- put -A first");
sa = 0;
for (ss = seedtab; ss->p; ss++) {
if (seed) die(EXIT_FAILURE, "seed already set -- put -A first");
sa = 0;
for (ss = seedtab; ss->p; ss++) {
+ if ((k->e&KF_ENCMASK) == KENC_ENCRYPT && o->v <= 4)
+ { fputs(" encrypted\n", stdout); return; }
+ if ((k->e&KF_ENCMASK) != KENC_STRUCT && !(k->e&KF_NONSECRET) && o->v <= 3)
+ { fputs(" secret\n", stdout); return; }
+
- case KENC_ENCRYPT:
- if (o->v <= 3)
- fputs(" encrypted\n", stdout);
+ case KENC_ENCRYPT: {
+ key_data *kd;
+ if (key_punlock(&kd, k, d->buf))
+ printf(" <failed to unlock %s>\n", d->buf);
- key_data *kd;
- if (key_punlock(&kd, k, d->buf))
- printf(" <failed to unlock %s>\n", d->buf);
- else {
- fputs(" encrypted", stdout);
- showkeydata(kd, ind, o, d);
- key_drop(kd);
- }
+ fputs(" encrypted", stdout);
+ showkeydata(kd, ind, o, d);
+ key_drop(kd);
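Review bot: In the `KENC_ENCRYPT` case, the `else {` that guarded the success path appears only among the removed lines, so as the new side is shown here `showkeydata(kd, ind, o, d)` and `key_drop(kd)` would run even after `key_punlock` fails, when `kd` has not been set. The page may simply have dropped re-indented lines, so confirm the committed code still reads `else { fputs(" encrypted", stdout); showkeydata(kd, ind, o, d); key_drop(kd); }`. The two new early returns decide whether decrypted or secret key material is printed at all, purely from `o->v`, so a short comment above them stating which verbosity level reveals what would help the next reader. The enclosing function and its `switch` begin and end outside the lines shown.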
if (!key_fingerprint(k, h, &kf))
die(EXIT_FAILURE, "key has no fingerprintable components (as filtered)");
fpr = GH_DONE(h, 0);
if (!key_fingerprint(k, h, &kf))
die(EXIT_FAILURE, "key has no fingerprintable components (as filtered)");
fpr = GH_DONE(h, 0);
die(EXIT_FAILURE, "key fingerprint mismatch");
dstr_destroy(&d); dstr_destroy(&dd);
doclose(&f);
die(EXIT_FAILURE, "key fingerprint mismatch");
dstr_destroy(&d); dstr_destroy(&dd);
doclose(&f);
- if ((k = key_bytag(&f, argv[1])) != 0 && strcmp(k->tag, argv[1]) == 0)
+ if ((k = key_bytag(&f, argv[1])) != 0 && STRCMP(k->tag, ==, argv[1]))
argv += optind; argc -= optind;
if (rc || argc < 1)
die(EXIT_FAILURE, "Usage: extract [-f FILTER] FILE [TAG...]");
argv += optind; argc -= optind;
if (rc || argc < 1)
die(EXIT_FAILURE, "Usage: extract [-f FILTER] FILE [TAG...]");
fp = stdin;
else if (!(fp = fopen(argv[1], "r"))) {
die(EXIT_FAILURE, "couldn't open `%s' for reading: %s",
fp = stdin;
else if (!(fp = fopen(argv[1], "r"))) {
die(EXIT_FAILURE, "couldn't open `%s' for reading: %s",
-v, --verbose Show more information.\n\
" },
{ "fingerprint", cmd_finger,
-v, --verbose Show more information.\n\
" },
{ "fingerprint", cmd_finger,
{ "tidy", cmd_tidy, "tidy" },
{ "add", cmd_add,
"add [-OPTIONS] TYPE [ATTR...]\n\
{ "tidy", cmd_tidy, "tidy" },
{ "add", cmd_add,
"add [-OPTIONS] TYPE [ATTR...]\n\
[-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
[-e EXPIRE] [-t TAG] [-c COMMENT]", "\
Options:\n\
[-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
[-e EXPIRE] [-t TAG] [-c COMMENT]", "\
Options:\n\
($ show keygen for list.)\n\
-b, --bits=N Generate an N-bit key.\n\
-B, --qbits=N Use an N-bit subgroup or factors.\n\
($ show keygen for list.)\n\
-b, --bits=N Generate an N-bit key.\n\
-B, --qbits=N Use an N-bit subgroup or factors.\n\
-p, --parameters=TAG Get group parameters from TAG.\n\
-C, --curve=NAME Use elliptic curve or DH group NAME.\n\
($ show ec or $ show dh for list.)\n\
-p, --parameters=TAG Get group parameters from TAG.\n\
-C, --curve=NAME Use elliptic curve or DH group NAME.\n\
($ show ec or $ show dh for list.)\n\