{ "expire", OPTF_ARGREQ, 0, 'e' },
{ "comment", OPTF_ARGREQ, 0, 'c' },
{ "tag", OPTF_ARGREQ, 0, 't' },
{ "expire", OPTF_ARGREQ, 0, 'e' },
{ "comment", OPTF_ARGREQ, 0, 'c' },
{ "tag", OPTF_ARGREQ, 0, 't' },
{ "rand-id", OPTF_ARGREQ, 0, 'R' },
{ "key-id", OPTF_ARGREQ, 0, 'I' },
{ "curve", OPTF_ARGREQ, 0, 'C' },
{ "rand-id", OPTF_ARGREQ, 0, 'R' },
{ "key-id", OPTF_ARGREQ, 0, 'I' },
{ "curve", OPTF_ARGREQ, 0, 'C' },
+ if ((k->e&KF_ENCMASK) == KENC_ENCRYPT && o->v <= 4)
+ { fputs(" encrypted\n", stdout); return; }
+ if ((k->e&KF_ENCMASK) != KENC_STRUCT && !(k->e&KF_NONSECRET) && o->v <= 3)
+ { fputs(" secret\n", stdout); return; }
+
- case KENC_ENCRYPT:
- if (o->v <= 3)
- fputs(" encrypted\n", stdout);
+ case KENC_ENCRYPT: {
+ key_data *kd;
+ if (key_punlock(&kd, k, d->buf))
+ printf(" <failed to unlock %s>\n", d->buf);
- key_data *kd;
- if (key_punlock(&kd, k, d->buf))
- printf(" <failed to unlock %s>\n", d->buf);
- else {
- fputs(" encrypted", stdout);
- showkeydata(kd, ind, o, d);
- key_drop(kd);
- }
+ fputs(" encrypted", stdout);
+ showkeydata(kd, ind, o, d);
+ key_drop(kd);
{ "tidy", cmd_tidy, "tidy" },
{ "add", cmd_add,
"add [-OPTIONS] TYPE [ATTR...]\n\
{ "tidy", cmd_tidy, "tidy" },
{ "add", cmd_add,
"add [-OPTIONS] TYPE [ATTR...]\n\
[-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
[-e EXPIRE] [-t TAG] [-c COMMENT]", "\
Options:\n\
[-A SEEDALG] [-s SEED] [-n BITS] [-I KEYID]\n\
[-e EXPIRE] [-t TAG] [-c COMMENT]", "\
Options:\n\
($ show keygen for list.)\n\
-b, --bits=N Generate an N-bit key.\n\
-B, --qbits=N Use an N-bit subgroup or factors.\n\
($ show keygen for list.)\n\
-b, --bits=N Generate an N-bit key.\n\
-B, --qbits=N Use an N-bit subgroup or factors.\n\
-p, --parameters=TAG Get group parameters from TAG.\n\
-C, --curve=NAME Use elliptic curve or DH group NAME.\n\
($ show ec or $ show dh for list.)\n\
-p, --parameters=TAG Get group parameters from TAG.\n\
-C, --curve=NAME Use elliptic curve or DH group NAME.\n\
($ show ec or $ show dh for list.)\n\