From 1852a8b7f95e47ba61221f95db79391fe6a766ae Mon Sep 17 00:00:00 2001 From: "git@daemon.de" Date: Tue, 4 Mar 2014 23:05:47 +0100 Subject: [PATCH] removed -S and -P, replaced by -K, keymgmt determines key type automatically --- ChangeLog | 7 +- README.pod | 3 +- README.txt | 2 +- include/pcp/mgmt.h | 4 +- libpcp/mgmt.c | 28 ++++- man/details.pod | 4 +- man/options.pod | 5 +- man/pcp.pod | 3 +- src/keymgmt.c | 294 ++++++++++++++++++++++---------------------- src/keymgmt.h | 3 +- src/pcp.c | 35 ++---- src/pcp.h | 5 +- src/usage.h | 4 +- src/usage.txt | 4 +- tests/unittests.cfg | 47 ++++--- 15 files changed, 227 insertions(+), 221 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7810ae5..6e1d1a9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -90,7 +90,12 @@ printed. Also added a couple of alias options for existing ones (e.g. -a for armor which is an alias for -z). - + + Removed options -P and -S, replaced by -K (long: + --import-key) used to import a key. The key type + is now determined automatically as well as the + encoding. + 0.2.0 ED25519 and Curve25519 keys are now generated separately (previously they were generated from one random seed, the curve had been derived from diff --git a/README.pod b/README.pod index e3e2bb2..e875040 100644 --- a/README.pod +++ b/README.pod @@ -39,9 +39,8 @@ They've to exchange the public key somehow (which is not my problem at the moment, use ssh, encrypted mail, whatever). Once exchanged, they have to import it: - Alicia Bobby - pcp1 -P -I bobby.pub pcp1 -P -I alicia.pub + pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub They will see a response as this when done: diff --git a/README.txt b/README.txt index 2b0536b..1be2548 100644 --- a/README.txt +++ b/README.txt @@ -37,7 +37,7 @@ QUICKSTART have to import it: Alicia Bobby - pcp1 -P -I bobby.pub pcp1 -P -I alicia.pub + pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub They will see a response as this when done: diff --git a/include/pcp/mgmt.h b/include/pcp/mgmt.h index 765fc4b..5d25365 100644 --- a/include/pcp/mgmt.h +++ b/include/pcp/mgmt.h @@ -298,11 +298,13 @@ Buffer *pcp_export_c_pub(pcp_key_t *sk); */ Buffer *pcp_export_secret(pcp_key_t *sk, char *passphrase); -pcp_ks_bundle_t *pcp_import_pub(byte *raw, size_t rawsize); +pcp_ks_bundle_t *pcp_import_binpub(byte *raw, size_t rawsize); +pcp_ks_bundle_t *pcp_import_pub(byte *raw, size_t rawsize); /* FIXME: deprecate */ pcp_ks_bundle_t *pcp_import_pub_rfc(Buffer *blob); pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob); /* import secret key */ +pcp_key_t *pcp_import_binsecret(byte *raw, size_t rawsize, char *passphrase); pcp_key_t *pcp_import_secret(byte *raw, size_t rawsize, char *passphrase); pcp_key_t *pcp_import_secret_native(Buffer *cipher, char *passphrase); diff --git a/libpcp/mgmt.c b/libpcp/mgmt.c index 15a5cd4..cfd5e0f 100644 --- a/libpcp/mgmt.c +++ b/libpcp/mgmt.c @@ -170,6 +170,24 @@ int _check_hash_keysig(Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk) { } +pcp_ks_bundle_t *pcp_import_binpub(byte *raw, size_t rawsize) { + Buffer *blob = buffer_new(512, "importblob"); + + buffer_add(blob, raw, rawsize); + + /* now, try to disassemble, if it fails, assume pbp format */ + uint8_t version = buffer_get8(blob); + + if(version == PCP_KEY_VERSION) { + /* ah, homerun */ + return pcp_import_pub_rfc(blob); + } + else { + /* nope, it's probably pbp */ + return pcp_import_pub_pbp(blob); + } +} + pcp_ks_bundle_t *pcp_import_pub(byte *raw, size_t rawsize) { size_t clen; byte *bin = NULL; @@ -703,6 +721,13 @@ Buffer *pcp_export_secret(pcp_key_t *sk, char *passphrase) { return out; } +pcp_key_t *pcp_import_binsecret(byte *raw, size_t rawsize, char *passphrase) { + Buffer *blob = buffer_new(512, "importskblob"); + buffer_add(blob, raw, rawsize); + return pcp_import_secret_native(blob, passphrase); +} + + pcp_key_t *pcp_import_secret(byte *raw, size_t rawsize, char *passphrase) { size_t clen; byte *bin = NULL; @@ -753,7 +778,8 @@ pcp_key_t *pcp_import_secret_native(Buffer *cipher, char *passphrase) { cipherlen = buffer_left(cipher); if(cipherlen < minlen) { - fatal("expected decrypted secret key size %ld is less than minimum len %ld\n", cipherlen, minlen); + fatal("failed to decrypt the secret key file:\n" + "expected encrypted secret key size %ld is less than minimum len %ld\n", cipherlen, minlen); goto impserr1; } diff --git a/man/details.pod b/man/details.pod index 683c786..93c518f 100644 --- a/man/details.pod +++ b/man/details.pod @@ -181,9 +181,7 @@ Here is a list of commandlines and their possible alternatives: pcp -s -O key.pcp -r Bob pcp -s -O key.pcp Bob use 'Bob' as recipient. - pcp -P -I alice.pcp pcp -P alice.pcp use 'alice.pcp' as inputfile. - - pcp -S -I alice.pcp pcp -S alice.pcp use 'alice.pcp' as inputfile. + pcp -K -I alice.pcp pcp -K alice.pcp use 'alice.pcp' as keyfile. =head1 ENVIRONMENT VARIABLES diff --git a/man/options.pod b/man/options.pod index 5dd5331..913e347 100644 --- a/man/options.pod +++ b/man/options.pod @@ -55,10 +55,9 @@ --export been specified, the public part of your primary secret key will be exported. Use -O to export to a file. - -S --import-secret Import a secret key. Use -I to import + -K --import Import a key. pcp determines automatically + --import-key the key type and encodingg. Use -I to import from a file. - -P --import-public Import a public key. Use -I to import - --import from a file. -y --export-yaml Export all keys stored in your vault as YAML formatted text. Use -O to put the export into a file. diff --git a/man/pcp.pod b/man/pcp.pod index 318dd51..8b79d98 100644 --- a/man/pcp.pod +++ b/man/pcp.pod @@ -39,9 +39,8 @@ They've to exchange the public key somehow (which is not my problem at the moment, use ssh, encrypted mail, whatever). Once exchanged, they have to import it: - Alicia Bobby - pcp1 -P -I bobby.pub pcp1 -P -I alicia.pub + pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub They will see a response as this when done: diff --git a/src/keymgmt.c b/src/keymgmt.c index ad3d67d..1961bb3 100644 --- a/src/keymgmt.c +++ b/src/keymgmt.c @@ -428,151 +428,6 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int -int pcp_importsecret (FILE *in, char *passwd) { - byte *buf = ucmalloc(2048); - size_t buflen = fread(buf, 1, 2048, in); - pcp_key_t *sk = NULL; - - if(buflen > 0) { - /* decrypt the input */ - if(passwd != NULL) { - sk = pcp_import_secret(buf, buflen, passwd); - } - else { - char *passphrase; - pcp_readpass(&passphrase, - "Enter passphrase to decrypt the secret key file", NULL, 1); - sk = pcp_import_secret(buf, buflen, passphrase); - memset(passphrase, 0, strlen(passphrase)); - free(passphrase); - } - if(sk == NULL) { - goto errpcsexpu1; - } - - if(debug) - pcp_dumpkey(sk); - - pcp_key_t *maybe = pcphash_keyexists(sk->id); - if(maybe != NULL) { - fatal("Secretkey sanity check: there already exists a key with the id 0x%s\n", sk->id); - goto errpcsexpu1; - } - - - /* store it */ - if(passwd != NULL) { - sk = pcpkey_encrypt(sk, passwd); - } - else { - char *passphrase; - pcp_readpass(&passphrase, - "Enter passphrase for key encryption", - "Enter the passphrase again", 1); - - if(strnlen(passphrase, 1024) > 0) { - /* encrypt the key */ - sk = pcpkey_encrypt(sk, passphrase); - } - else { - /* ask for confirmation if we shall store it in the clear */ - char *yes = pcp_getstdin( - "WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?"); - if(strncmp(yes, "yes", 1024) != 0) { - memset(sk, 0, sizeof(pcp_key_t)); - free(sk); - memset(passphrase, 0, strlen(passphrase)); - goto errpcsexpu1; - } - } - } - - if(sk != NULL) { - /* store it to the vault if we got it til here */ - if(pcp_sanitycheck_key(sk) == 0) { - if(pcp_storekey(sk) == 0) { - pcpkey_printshortinfo(sk); - memset(sk, 0, sizeof(pcp_key_t)); - free(sk); - return 0; - } - } - } - } - else { - fatal("Input file is empty!\n"); - goto errpcsexpu1; - } - - errpcsexpu1: - ucfree(buf, 2048); - - return 1; -} - -int pcp_importpublic (vault_t *vault, FILE *in) { - byte *buf = ucmalloc(2048); - size_t buflen = fread(buf, 1, 2048, in); - pcp_keysig_t *sk = NULL; - pcp_pubkey_t *pub = NULL; - - if(buflen > 0) { - pcp_ks_bundle_t *bundle = pcp_import_pub(buf, buflen); - - if(bundle == NULL) - goto errip1; - - pcp_keysig_t *sk = bundle->s; - - if(bundle != NULL) { - pcp_pubkey_t *pub = bundle->p; - - if(debug) - pcp_dumppubkey(pub); - - if(sk == NULL) { - fatals_ifany(); - char *yes = pcp_getstdin("WARNING: signature doesn't verify, import anyway [yes|NO]?"); - if(strncmp(yes, "yes", 1024) != 0) { - free(yes); - goto errip1; - } - free(yes); - } - - if(pcp_sanitycheck_pub(pub) == 0) { - if(pcpvault_addkey(vault, (void *)pub, PCP_KEY_TYPE_PUBLIC) == 0) { - fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename); - } - else - goto errip2; - - if(sk != NULL) { - if(pcpvault_addkey(vault, sk, sk->type) != 0) - goto errip2; - } - } - else - goto errip2; - } - } - else { - fatal("Input file is empty!\n"); - goto errip1; - } - - errip2: - ucfree(pub, sizeof(pcp_pubkey_t)); - - errip1: - if(sk != NULL) { - ucfree(sk->blob, sk->size); - ucfree(sk, sizeof(pcp_keysig_t)); - } - ucfree(buf, 2048); - return 1; -} - void pcpdelete_key(char *keyid) { pcp_pubkey_t *p = pcphash_pubkeyexists(keyid); @@ -699,4 +554,153 @@ char *pcp_find_id_byrec(char *recipient) { } +int pcp_import (vault_t *vault, FILE *in, char *passwd) { + byte *buf = ucmalloc(2048); + size_t bufsize; + pcp_pubkey_t *pub = NULL; + pcp_key_t *sk = NULL; + pcp_ks_bundle_t *bundle = NULL; + pcp_keysig_t *keysig = NULL; + int success = 1; /* default fail */ + Pcpstream *pin = ps_new_file(in); + ps_setdetermine(pin, 1024); + + bufsize = ps_read(pin, buf, PCP_BLOCK_SIZE); + + if(bufsize == 0) { + fatal("Input file is empty!\n"); + goto errimp1; + } + + /* first try as rfc pub key */ + bundle = pcp_import_binpub(buf, bufsize); + if(bundle != NULL) { + keysig = bundle->s; + pub = bundle->p; + + if(debug) + pcp_dumppubkey(pub); + + if(keysig == NULL) { + fatals_ifany(); + char *yes = pcp_getstdin("WARNING: signature doesn't verify, import anyway [yes|NO]?"); + if(strncmp(yes, "yes", 1024) != 0) { + free(yes); + goto errimp2; + } + free(yes); + } + + if(pcp_sanitycheck_pub(pub) == 0) { + if(pcpvault_addkey(vault, (void *)pub, PCP_KEY_TYPE_PUBLIC) == 0) { + fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename); + /* avoid double free */ + pub = NULL; + success = 0; + } + else + goto errimp2; + + if(keysig != NULL) { + if(pcpvault_addkey(vault, keysig, keysig->type) != 0) { + /* FIXME: remove pubkey if storing the keysig failed */ + goto errimp2; + } + keysig = NULL; + } + } + else + goto errimp2; + } + else { + /* it's not public key, so let's try to interpret it as secret key */ + if(passwd != NULL) { + sk = pcp_import_secret(buf, bufsize, passwd); + } + else { + char *passphrase; + pcp_readpass(&passphrase, + "Enter passphrase to decrypt the secret key file", NULL, 1); + sk = pcp_import_secret(buf, bufsize, passphrase); + ucfree(passphrase, strlen(passphrase)); + } + + if(sk == NULL) { + goto errimp2; + } + + if(debug) + pcp_dumpkey(sk); + + pcp_key_t *maybe = pcphash_keyexists(sk->id); + if(maybe != NULL) { + fatal("Secretkey sanity check: there already exists a key with the id 0x%s\n", sk->id); + goto errimp2; + } + + /* store it */ + if(passwd != NULL) { + sk = pcpkey_encrypt(sk, passwd); + } + else { + char *passphrase; + pcp_readpass(&passphrase, + "Enter passphrase for key encryption", + "Enter the passphrase again", 1); + + if(strnlen(passphrase, 1024) > 0) { + /* encrypt the key */ + sk = pcpkey_encrypt(sk, passphrase); + ucfree(passphrase, strlen(passphrase)); + } + else { + /* ask for confirmation if we shall store it in the clear */ + char *yes = pcp_getstdin( + "WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?"); + if(strncmp(yes, "yes", 1024) != 0) { + free(yes); + goto errimp1; + } + free(yes); + } + } + + if(sk != NULL) { + /* store it to the vault if we got it til here */ + if(pcp_sanitycheck_key(sk) == 0) { + if(pcp_storekey(sk) == 0) { + pcpkey_printshortinfo(sk); + success = 0; + sk = NULL; + } + } + } + } + + +errimp2: + if(keysig != NULL) { + ucfree(keysig->blob, keysig->size); + ucfree(keysig, sizeof(pcp_keysig_t)); + } + + if(bundle != NULL) { + free(bundle); + } + + if(pub != NULL) { + ucfree(pub, sizeof(pcp_pubkey_t)); + } + + if(sk != NULL) { + ucfree(sk, sizeof(pcp_key_t)); + } + + ucfree(buf, bufsize); + + errimp1: + ps_close(pin); + + return success; +} diff --git a/src/keymgmt.h b/src/keymgmt.h index 4a06aea..d53b312 100644 --- a/src/keymgmt.h +++ b/src/keymgmt.h @@ -57,8 +57,7 @@ pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd); char *pcp_normalize_id(char *keyid); pcp_key_t *pcp_find_primary_secret(); -int pcp_importpublic (vault_t *vault, FILE *in); -int pcp_importsecret (FILE *in, char *passwd); +int pcp_import (vault_t *vault, FILE *in, char *passwd); void pcpdelete_key(char *keyid); char *pcp_find_id_byrec(char *recipient); diff --git a/src/pcp.c b/src/pcp.c index 4c11803..b045313 100644 --- a/src/pcp.c +++ b/src/pcp.c @@ -90,9 +90,8 @@ int main (int argc, char **argv) { { "export-secret", no_argument, NULL, 's' }, { "export-public", no_argument, NULL, 'p' }, { "export", no_argument, NULL, 'p' }, /* alias -p */ - { "import-secret", no_argument, NULL, 'S' }, - { "import-public", no_argument, NULL, 'P' }, - { "import", no_argument, NULL, 'P' }, /* alias -P */ + { "import", no_argument, NULL, 'K' }, /* alias -P */ + { "import-key", no_argument, NULL, 'K' }, /* alias -K */ { "remove-key", no_argument, NULL, 'R' }, { "edit-key", no_argument, NULL, 'E' }, { "export-yaml", no_argument, NULL, 'y' }, @@ -122,7 +121,7 @@ int main (int argc, char **argv) { { NULL, 0, NULL, 0 } }; - while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcymf:b1F:0", + while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcymf:b1F:0K", longopts, NULL)) != -1) { switch (opt) { @@ -153,12 +152,8 @@ int main (int argc, char **argv) { mode += PCP_MODE_EXPORT_PUBLIC; usevault = 1; break; - case 'P': - mode += PCP_MODE_IMPORT_PUBLIC; - usevault = 1; - break; - case 'S': - mode += PCP_MODE_IMPORT_SECRET; + case 'K': + mode += PCP_MODE_IMPORT; usevault = 1; break; case 'R': @@ -344,8 +339,7 @@ int main (int argc, char **argv) { } break; - case PCP_MODE_IMPORT_PUBLIC: - case PCP_MODE_IMPORT_SECRET: + case PCP_MODE_IMPORT: if(infile == NULL) infile = extra; break; @@ -436,7 +430,7 @@ int main (int argc, char **argv) { free(recipient); break; - case PCP_MODE_IMPORT_PUBLIC: + case PCP_MODE_IMPORT: if(infile == NULL) in = stdin; else { @@ -446,20 +440,7 @@ int main (int argc, char **argv) { break; } } - pcp_importpublic(vault, in); - break; - - case PCP_MODE_IMPORT_SECRET: - if(infile == NULL) - in = stdin; - else { - if((in = fopen(infile, "rb")) == NULL) { - fatal("Could not open input file %s\n", infile); - free(infile); - break; - } - } - pcp_importsecret(in, xpass); + pcp_import(vault, in, xpass); break; case PCP_MODE_DELETE_KEY: diff --git a/src/pcp.h b/src/pcp.h index 4c503aa..ee6702e 100644 --- a/src/pcp.h +++ b/src/pcp.h @@ -54,8 +54,8 @@ #define PCP_MODE_LISTKEYS 0x00000004 #define PCP_MODE_EXPORT_SECRET 0x00000009 #define PCP_MODE_EXPORT_PUBLIC 0x00000011 -#define PCP_MODE_IMPORT_SECRET 0x00000020 -#define PCP_MODE_IMPORT_PUBLIC 0x00000038 +#define PCP_MODE_IMPORT 0x00000020 +#define PCP_MODE_ENCRYPT_ME 0x00000038 #define PCP_MODE_DELETE_KEY 0x00000061 #define PCP_MODE_TEXT 0x000000A6 #define PCP_MODE_EDIT 0x0000011D @@ -66,7 +66,6 @@ #define PCP_MODE_SIGN 0x00000FF6 #define PCP_MODE_VERIFY 0x00001B25 #define PCP_MODE_YAML 0x00002E27 -#define PCP_MODE_ENCRYPT_ME 0x00004E77 /* 0x00001B25 diff --git a/src/usage.h b/src/usage.h index e34622d..f9de65c 100644 --- a/src/usage.h +++ b/src/usage.h @@ -2,8 +2,8 @@ #define _HAVE_USAGE_H #define PCP_HELP "\n" \ "Usage: pcp1 [ --help | --version ]\n" \ -" [ --keygen | --listkeys | --remove-key | --edit-key ]\n" \ -" [ --export-public | --export-secret | --import-public | --import-secret ]\n" \ +" [ --keygen | --listkeys | --remove-key | --edit-key ]\n" \ +" [ --export-public | --export-secret | --import ]\n" \ " [ --encrypt | --decrypt ]\n" \ " [ --sign | --check-signature ]\n" \ " [ arguments ]\n" \ diff --git a/src/usage.txt b/src/usage.txt index 9115304..fc1d716 100644 --- a/src/usage.txt +++ b/src/usage.txt @@ -1,7 +1,7 @@ Usage: pcp1 [ --help | --version ] - [ --keygen | --listkeys | --remove-key | --edit-key ] - [ --export-public | --export-secret | --import-public | --import-secret ] + [ --keygen | --listkeys | --remove-key | --edit-key ] + [ --export-public | --export-secret | --import ] [ --encrypt | --decrypt ] [ --sign | --check-signature ] [ arguments ] diff --git a/tests/unittests.cfg b/tests/unittests.cfg index 47effdd..bc32d0d 100644 --- a/tests/unittests.cfg +++ b/tests/unittests.cfg @@ -142,7 +142,7 @@ dxmorg@florida.cops.gov - cmd = $pcp -V $vault -P -I bart.pub + cmd = $pcp -V $vault -K -I bart.pub expect = /key $bartid added/ @@ -197,12 +197,12 @@ temporarily disabled # alicias part prepare = echo ${md5msg} > testmessage - cmd = $pcp -V va -S -I key-alicia-sec -x a + cmd = $pcp -V va -K -I key-alicia-sec -x a expect = /${idalicia}/ - cmd = $pcp -V va -P -I key-bobby-pub + cmd = $pcp -V va -K -I key-bobby-pub expect = /${idbobby}/ @@ -215,12 +215,12 @@ temporarily disabled # bobbys part - cmd = $pcp -V vb -S -I key-bobby-sec -x b + cmd = $pcp -V vb -K -I key-bobby-sec -x b expect = /${idbobby}/ - cmd = $pcp -V vb -P -I key-alicia-pub + cmd = $pcp -V vb -K -I key-alicia-pub expect = /${idalicia}/ @@ -262,7 +262,7 @@ temporarily disabled - cmd = $pcp -V vcl -I key-bobby-pub -P + cmd = $pcp -V vcl -I key-bobby-pub -K expect = /added/ @@ -272,12 +272,12 @@ temporarily disabled - cmd = $pcp -V vb2 -S -I key-bobby-sec -x b + cmd = $pcp -V vb2 -K -I key-bobby-sec -x b expect = /${idbobby}/ - cmd = $pcp -V vb2 -P -I testkeyvcl + cmd = $pcp -V vb2 -K -I testkeyvcl expect = /added/ @@ -350,12 +350,12 @@ temporarily disabled # # negative tests, check for error handling - cmd = $pcp -V $vault -S -P + cmd = $pcp -V $vault -K -K expect = /invalid combination of commandline parameters/ - cmd = $pcp -V $vault -I nonexist -P + cmd = $pcp -V $vault -I nonexist -K expect = /Could not open input file nonexist/ @@ -414,7 +414,7 @@ temporarily disabled - prepare = $pcp -V $vault -P -I bart.pub + prepare = $pcp -V $vault -K -I bart.pub cmd = $pcp -V $vault -l | grep public | cut -d ' ' -f 1 \ | tail -1 | xargs $pcp -V $vault -p -O nonexistentdir/keyfile expect = /Could not create output file nonexistentdir/ @@ -422,13 +422,13 @@ temporarily disabled prepare = touch testfile-empty - cmd = $pcp -V $vault -P -I testfile-empty + cmd = $pcp -V $vault -K -I testfile-empty expect = /file is empty/ prepare = perl -e 'print "X" x 5000; print "\n"' > testfile-toolong - cmd = $pcp -V $vault -P -I testfile-toolong + cmd = $pcp -V $vault -K -I testfile-toolong -x x expect = /failed/ @@ -439,7 +439,7 @@ temporarily disabled prepare = ./jot 30 | while read ignore; do \ echo XXXXXXXXXXXXXXXXXX; done > testfile-noz85 - cmd = $pcp -V $vault -P -I testfile-noz85 + cmd = $pcp -V $vault -K -I testfile-noz85 expect = /could not decode input/ */ @@ -447,17 +447,12 @@ temporarily disabled prepare = ./jot 30 | while read ignore; do echo XXXXX; done \ | $pcp -z > testfile-nokey - cmd = $pcp -V $vault -P -I testfile-nokey - expect = /failed/ - - - - cmd = $pcp -V $vault -S -I bart.pub -x a + cmd = $pcp -V $vault -K -I testfile-nokey -x x expect = /failed/ - cmd = $pcp -V $vault -P -I bart.pub + cmd = $pcp -V $vault -K -I bart.pub expect = /there already exists a key/ @@ -471,26 +466,26 @@ temporarily disabled prepare = ./invalidkeys - cmd = $pcp -V $vault -S -I testkey-wrong-version -x xxx + cmd = $pcp -V $vault -K -I testkey-wrong-version -x xxx expect = /unknown key version/ - cmd = $pcp -V $vault -S -I testkey-wrong-serial -x xxx + cmd = $pcp -V $vault -K -I testkey-wrong-serial -x xxx expect = /invalid serial number/ - cmd = $pcp -V $vault -S -I testkey-invalid-ctime -x xxx + cmd = $pcp -V $vault -K -I testkey-invalid-ctime -x xxx expect = /invalid creation timestamp/ /* - cmd = $pcp -V $vault -P -I testpubkey-wrong-type + cmd = $pcp -V $vault -K -I testpubkey-wrong-type expect = /key type is not PUBLIC/ - cmd = $pcp -V $vault -P -I testpubkey-wrong-version + cmd = $pcp -V $vault -K -I testpubkey-wrong-version expect = /unknown key version/ */