progs/key.c: Don't print secret parts of keys at verbosity 3.

[catacomb] / progs / key.c

diff --git a/progs/key.c b/progs/key.c
index 9c9466b..c38ed5d 100644 (file)
--- a/progs/key.c
+++ b/progs/key.c
@@ -1397,6 +1397,11 @@ static void showkeydata(key_data *k, int ind, listopts *o, dstr *d)
   }                                                                    \
 } while (0)
 
+  if ((k->e&KF_ENCMASK) == KENC_ENCRYPT && o->v <= 4)
+    { fputs(" encrypted\n", stdout); return; }
+  if ((k->e&KF_ENCMASK) != KENC_STRUCT && !(k->e&KF_NONSECRET) && o->v <= 3)
+    { fputs(" secret\n", stdout); return; }
+
   switch (k->e & KF_ENCMASK) {
 
     /* --- Binary key data --- *
@@ -1432,20 +1437,16 @@ static void showkeydata(key_data *k, int ind, listopts *o, dstr *d)
      * key.  Otherwise just say that it's encrypted and move on.
      */
 
-    case KENC_ENCRYPT:
-      if (o->v <= 3)
-       fputs(" encrypted\n", stdout);
+    case KENC_ENCRYPT: {
+      key_data *kd;
+      if (key_punlock(&kd, k, d->buf))
+       printf(" <failed to unlock %s>\n", d->buf);
       else {
-       key_data *kd;
-       if (key_punlock(&kd, k, d->buf))
-         printf(" <failed to unlock %s>\n", d->buf);
-       else {
-         fputs(" encrypted", stdout);
-         showkeydata(kd, ind, o, d);
-         key_drop(kd);
-       }
+       fputs(" encrypted", stdout);
+       showkeydata(kd, ind, o, d);
+       key_drop(kd);
       }
-      break;
+    } break;
 
     /* --- Integer keys --- *
      *