{ "expire", OPTF_ARGREQ, 0, 'e' },
{ "comment", OPTF_ARGREQ, 0, 'c' },
{ "tag", OPTF_ARGREQ, 0, 't' },
+ { "retag", 0, 0, 'r' },
{ "rand-id", OPTF_ARGREQ, 0, 'R' },
{ "key-id", OPTF_ARGREQ, 0, 'I' },
{ "curve", OPTF_ARGREQ, 0, 'C' },
} \
} while (0)
+ if ((k->e&KF_ENCMASK) == KENC_ENCRYPT && o->v <= 4)
+ { fputs(" encrypted\n", stdout); return; }
+ if ((k->e&KF_ENCMASK) != KENC_STRUCT && !(k->e&KF_NONSECRET) && o->v <= 3)
+ { fputs(" secret\n", stdout); return; }
+
switch (k->e & KF_ENCMASK) {
/* --- Binary key data --- *
* key. Otherwise just say that it's encrypted and move on.
*/
- case KENC_ENCRYPT:
- if (o->v <= 3)
- fputs(" encrypted\n", stdout);
+ case KENC_ENCRYPT: {
+ key_data *kd;
+ if (key_punlock(&kd, k, d->buf))
+ printf(" <failed to unlock %s>\n", d->buf);
else {
- key_data *kd;
- if (key_punlock(&kd, k, d->buf))
- printf(" <failed to unlock %s>\n", d->buf);
- else {
- fputs(" encrypted", stdout);
- showkeydata(kd, ind, o, d);
- key_drop(kd);
- }
+ fputs(" encrypted", stdout);
+ showkeydata(kd, ind, o, d);
+ key_drop(kd);
}
- break;
+ } break;
/* --- Integer keys --- *
*
{ "tidy", cmd_tidy, "tidy" },
{ "add", cmd_add,
"add [-OPTIONS] TYPE [ATTR...]\n\
- Options: [-lqrLKS] [-a ALG] [-bB BITS] [-p PARAM] [-R TAG]\n\
+ Options: [-lqrLKS] [-a ALG] [-bB BITS] [-E PUBEXP] [-p PARAM] [-R TAG]\n\
[-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
[-e EXPIRE] [-t TAG] [-c COMMENT]", "\
Options:\n\
($ show keygen for list.)\n\
-b, --bits=N Generate an N-bit key.\n\
-B, --qbits=N Use an N-bit subgroup or factors.\n\
+-E, --public-exponent=E Use E as RSA public exponent (default 65537)\n\
-p, --parameters=TAG Get group parameters from TAG.\n\
-C, --curve=NAME Use elliptic curve or DH group NAME.\n\
($ show ec or $ show dh for list.)\n\