scip/pcp
1
0
Fork 0
mirror of https://codeberg.org/scip/pcp.git synced 2025-12-17 12:00:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

removed -S and -P, replaced by -K, keymgmt determines key type automatically

Browse Source
This commit is contained in:
git@daemon.de
2014-03-04 23:05:47 +01:00
parent 3d2cdb8b89
commit 1852a8b7f9
15 changed files with 227 additions and 221 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@@ -90,7 +90,12 @@
printed. Also added a couple of alias options for
existing ones (e.g. -a for armor which is an alias
for -z).
Removed options -P and -S, replaced by -K (long:
--import-key) used to import a key. The key type
is now determined automatically as well as the
encoding.
0.2.0 ED25519 and Curve25519 keys are now generated
separately (previously they were generated from
one random seed, the curve had been derived from

3
README.pod
View File

@@ -39,9 +39,8 @@ They've to exchange the public key somehow (which is not my
problem at the moment, use ssh, encrypted mail, whatever). Once exchanged,
they have to import it:
Alicia Bobby
pcp1 -P -I bobby.pub pcp1 -P -I alicia.pub
pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub
They will see a response as this when done:

2
README.txt
View File

@@ -37,7 +37,7 @@ QUICKSTART
have to import it:
Alicia Bobby
pcp1 -P -I bobby.pub pcp1 -P -I alicia.pub
pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub
They will see a response as this when done:

4
include/pcp/mgmt.h
View File

@@ -298,11 +298,13 @@ Buffer *pcp_export_c_pub(pcp_key_t *sk);
*/
Buffer *pcp_export_secret(pcp_key_t *sk, char *passphrase);
pcp_ks_bundle_t *pcp_import_pub(byte *raw, size_t rawsize);
pcp_ks_bundle_t *pcp_import_binpub(byte *raw, size_t rawsize);
pcp_ks_bundle_t *pcp_import_pub(byte *raw, size_t rawsize); /* FIXME: deprecate */
pcp_ks_bundle_t *pcp_import_pub_rfc(Buffer *blob);
pcp_ks_bundle_t *pcp_import_pub_pbp(Buffer *blob);
/* import secret key */
pcp_key_t *pcp_import_binsecret(byte *raw, size_t rawsize, char *passphrase);
pcp_key_t *pcp_import_secret(byte *raw, size_t rawsize, char *passphrase);
pcp_key_t *pcp_import_secret_native(Buffer *cipher, char *passphrase);

28
libpcp/mgmt.c
View File

@@ -170,6 +170,24 @@ int _check_hash_keysig(Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk) {
}
pcp_ks_bundle_t *pcp_import_binpub(byte *raw, size_t rawsize) {
Buffer *blob = buffer_new(512, "importblob");
buffer_add(blob, raw, rawsize);
/* now, try to disassemble, if it fails, assume pbp format */
uint8_t version = buffer_get8(blob);
if(version == PCP_KEY_VERSION) {
/* ah, homerun */
return pcp_import_pub_rfc(blob);
}
else {
/* nope, it's probably pbp */
return pcp_import_pub_pbp(blob);
}
}
pcp_ks_bundle_t *pcp_import_pub(byte *raw, size_t rawsize) {
size_t clen;
byte *bin = NULL;
@@ -703,6 +721,13 @@ Buffer *pcp_export_secret(pcp_key_t *sk, char *passphrase) {
return out;
}
pcp_key_t *pcp_import_binsecret(byte *raw, size_t rawsize, char *passphrase) {
Buffer *blob = buffer_new(512, "importskblob");
buffer_add(blob, raw, rawsize);
return pcp_import_secret_native(blob, passphrase);
}
pcp_key_t *pcp_import_secret(byte *raw, size_t rawsize, char *passphrase) {
size_t clen;
byte *bin = NULL;
@@ -753,7 +778,8 @@ pcp_key_t *pcp_import_secret_native(Buffer *cipher, char *passphrase) {
cipherlen = buffer_left(cipher);
if(cipherlen < minlen) {
fatal("expected decrypted secret key size %ld is less than minimum len %ld\n", cipherlen, minlen);
fatal("failed to decrypt the secret key file:\n"
"expected encrypted secret key size %ld is less than minimum len %ld\n", cipherlen, minlen);
goto impserr1;
}

4
man/details.pod
View File

@@ -181,9 +181,7 @@ Here is a list of commandlines and their possible alternatives:
pcp -s -O key.pcp -r Bob pcp -s -O key.pcp Bob use 'Bob' as recipient.
pcp -P -I alice.pcp pcp -P alice.pcp use 'alice.pcp' as inputfile.
pcp -S -I alice.pcp pcp -S alice.pcp use 'alice.pcp' as inputfile.
pcp -K -I alice.pcp pcp -K alice.pcp use 'alice.pcp' as keyfile.
=head1 ENVIRONMENT VARIABLES

5
man/options.pod
View File

@@ -55,10 +55,9 @@
--export been specified, the public part of your
primary secret key will be exported.
Use -O to export to a file.
-S --import-secret Import a secret key. Use -I to import
-K --import Import a key. pcp determines automatically
--import-key the key type and encodingg. Use -I to import
from a file.
-P --import-public Import a public key. Use -I to import
--import from a file.
-y --export-yaml Export all keys stored in your vault
as YAML formatted text. Use -O to put
the export into a file.

3
man/pcp.pod
View File

@@ -39,9 +39,8 @@ They've to exchange the public key somehow (which is not my
problem at the moment, use ssh, encrypted mail, whatever). Once exchanged,
they have to import it:
Alicia Bobby
pcp1 -P -I bobby.pub pcp1 -P -I alicia.pub
pcp1 -K -I bobby.pub pcp1 -K -I alicia.pub
They will see a response as this when done:

294
src/keymgmt.c
View File

@@ -428,151 +428,6 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int
int pcp_importsecret (FILE *in, char *passwd) {
byte *buf = ucmalloc(2048);
size_t buflen = fread(buf, 1, 2048, in);
pcp_key_t *sk = NULL;
if(buflen > 0) {
/* decrypt the input */
if(passwd != NULL) {
sk = pcp_import_secret(buf, buflen, passwd);
}
else {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase to decrypt the secret key file", NULL, 1);
sk = pcp_import_secret(buf, buflen, passphrase);
memset(passphrase, 0, strlen(passphrase));
free(passphrase);
}
if(sk == NULL) {
goto errpcsexpu1;
}
if(debug)
pcp_dumpkey(sk);
pcp_key_t *maybe = pcphash_keyexists(sk->id);
if(maybe != NULL) {
fatal("Secretkey sanity check: there already exists a key with the id 0x%s\n", sk->id);
goto errpcsexpu1;
}
/* store it */
if(passwd != NULL) {
sk = pcpkey_encrypt(sk, passwd);
}
else {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase for key encryption",
"Enter the passphrase again", 1);
if(strnlen(passphrase, 1024) > 0) {
/* encrypt the key */
sk = pcpkey_encrypt(sk, passphrase);
}
else {
/* ask for confirmation if we shall store it in the clear */
char *yes = pcp_getstdin(
"WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?");
if(strncmp(yes, "yes", 1024) != 0) {
memset(sk, 0, sizeof(pcp_key_t));
free(sk);
memset(passphrase, 0, strlen(passphrase));
goto errpcsexpu1;
}
}
}
if(sk != NULL) {
/* store it to the vault if we got it til here */
if(pcp_sanitycheck_key(sk) == 0) {
if(pcp_storekey(sk) == 0) {
pcpkey_printshortinfo(sk);
memset(sk, 0, sizeof(pcp_key_t));
free(sk);
return 0;
}
}
}
}
else {
fatal("Input file is empty!\n");
goto errpcsexpu1;
}
errpcsexpu1:
ucfree(buf, 2048);
return 1;
}
int pcp_importpublic (vault_t *vault, FILE *in) {
byte *buf = ucmalloc(2048);
size_t buflen = fread(buf, 1, 2048, in);
pcp_keysig_t *sk = NULL;
pcp_pubkey_t *pub = NULL;
if(buflen > 0) {
pcp_ks_bundle_t *bundle = pcp_import_pub(buf, buflen);
if(bundle == NULL)
goto errip1;
pcp_keysig_t *sk = bundle->s;
if(bundle != NULL) {
pcp_pubkey_t *pub = bundle->p;
if(debug)
pcp_dumppubkey(pub);
if(sk == NULL) {
fatals_ifany();
char *yes = pcp_getstdin("WARNING: signature doesn't verify, import anyway [yes|NO]?");
if(strncmp(yes, "yes", 1024) != 0) {
free(yes);
goto errip1;
}
free(yes);
}
if(pcp_sanitycheck_pub(pub) == 0) {
if(pcpvault_addkey(vault, (void *)pub, PCP_KEY_TYPE_PUBLIC) == 0) {
fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename);
}
else
goto errip2;
if(sk != NULL) {
if(pcpvault_addkey(vault, sk, sk->type) != 0)
goto errip2;
}
}
else
goto errip2;
}
}
else {
fatal("Input file is empty!\n");
goto errip1;
}
errip2:
ucfree(pub, sizeof(pcp_pubkey_t));
errip1:
if(sk != NULL) {
ucfree(sk->blob, sk->size);
ucfree(sk, sizeof(pcp_keysig_t));
}
ucfree(buf, 2048);
return 1;
}
void pcpdelete_key(char *keyid) {
pcp_pubkey_t *p = pcphash_pubkeyexists(keyid);
@@ -699,4 +554,153 @@ char *pcp_find_id_byrec(char *recipient) {
}
int pcp_import (vault_t *vault, FILE *in, char *passwd) {
byte *buf = ucmalloc(2048);
size_t bufsize;
pcp_pubkey_t *pub = NULL;
pcp_key_t *sk = NULL;
pcp_ks_bundle_t *bundle = NULL;
pcp_keysig_t *keysig = NULL;
int success = 1; /* default fail */
Pcpstream *pin = ps_new_file(in);
ps_setdetermine(pin, 1024);
bufsize = ps_read(pin, buf, PCP_BLOCK_SIZE);
if(bufsize == 0) {
fatal("Input file is empty!\n");
goto errimp1;
}
/* first try as rfc pub key */
bundle = pcp_import_binpub(buf, bufsize);
if(bundle != NULL) {
keysig = bundle->s;
pub = bundle->p;
if(debug)
pcp_dumppubkey(pub);
if(keysig == NULL) {
fatals_ifany();
char *yes = pcp_getstdin("WARNING: signature doesn't verify, import anyway [yes|NO]?");
if(strncmp(yes, "yes", 1024) != 0) {
free(yes);
goto errimp2;
}
free(yes);
}
if(pcp_sanitycheck_pub(pub) == 0) {
if(pcpvault_addkey(vault, (void *)pub, PCP_KEY_TYPE_PUBLIC) == 0) {
fprintf(stderr, "key 0x%s added to %s.\n", pub->id, vault->filename);
/* avoid double free */
pub = NULL;
success = 0;
}
else
goto errimp2;
if(keysig != NULL) {
if(pcpvault_addkey(vault, keysig, keysig->type) != 0) {
/* FIXME: remove pubkey if storing the keysig failed */
goto errimp2;
}
keysig = NULL;
}
}
else
goto errimp2;
}
else {
/* it's not public key, so let's try to interpret it as secret key */
if(passwd != NULL) {
sk = pcp_import_secret(buf, bufsize, passwd);
}
else {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase to decrypt the secret key file", NULL, 1);
sk = pcp_import_secret(buf, bufsize, passphrase);
ucfree(passphrase, strlen(passphrase));
}
if(sk == NULL) {
goto errimp2;
}
if(debug)
pcp_dumpkey(sk);
pcp_key_t *maybe = pcphash_keyexists(sk->id);
if(maybe != NULL) {
fatal("Secretkey sanity check: there already exists a key with the id 0x%s\n", sk->id);
goto errimp2;
}
/* store it */
if(passwd != NULL) {
sk = pcpkey_encrypt(sk, passwd);
}
else {
char *passphrase;
pcp_readpass(&passphrase,
"Enter passphrase for key encryption",
"Enter the passphrase again", 1);
if(strnlen(passphrase, 1024) > 0) {
/* encrypt the key */
sk = pcpkey_encrypt(sk, passphrase);
ucfree(passphrase, strlen(passphrase));
}
else {
/* ask for confirmation if we shall store it in the clear */
char *yes = pcp_getstdin(
"WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?");
if(strncmp(yes, "yes", 1024) != 0) {
free(yes);
goto errimp1;
}
free(yes);
}
}
if(sk != NULL) {
/* store it to the vault if we got it til here */
if(pcp_sanitycheck_key(sk) == 0) {
if(pcp_storekey(sk) == 0) {
pcpkey_printshortinfo(sk);
success = 0;
sk = NULL;
}
}
}
}
errimp2:
if(keysig != NULL) {
ucfree(keysig->blob, keysig->size);
ucfree(keysig, sizeof(pcp_keysig_t));
}
if(bundle != NULL) {
free(bundle);
}
if(pub != NULL) {
ucfree(pub, sizeof(pcp_pubkey_t));
}
if(sk != NULL) {
ucfree(sk, sizeof(pcp_key_t));
}
ucfree(buf, bufsize);
errimp1:
ps_close(pin);
return success;
}

3
src/keymgmt.h
View File

@@ -57,8 +57,7 @@ pcp_key_t *pcp_getrsk(pcp_key_t *s, char *recipient, char *passwd);
char *pcp_normalize_id(char *keyid);
pcp_key_t *pcp_find_primary_secret();
int pcp_importpublic (vault_t *vault, FILE *in);
int pcp_importsecret (FILE *in, char *passwd);
int pcp_import (vault_t *vault, FILE *in, char *passwd);
void pcpdelete_key(char *keyid);
char *pcp_find_id_byrec(char *recipient);

35
src/pcp.c
View File

@@ -90,9 +90,8 @@ int main (int argc, char **argv) {
{ "export-secret", no_argument, NULL, 's' },
{ "export-public", no_argument, NULL, 'p' },
{ "export", no_argument, NULL, 'p' }, /* alias -p */
{ "import-secret", no_argument, NULL, 'S' },
{ "import-public", no_argument, NULL, 'P' },
{ "import", no_argument, NULL, 'P' }, /* alias -P */
{ "import", no_argument, NULL, 'K' }, /* alias -P */
{ "import-key", no_argument, NULL, 'K' }, /* alias -K */
{ "remove-key", no_argument, NULL, 'R' },
{ "edit-key", no_argument, NULL, 'E' },
{ "export-yaml", no_argument, NULL, 'y' },
@@ -122,7 +121,7 @@ int main (int argc, char **argv) {
{ NULL, 0, NULL, 0 }
};
while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcymf:b1F:0",
while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcymf:b1F:0K",
longopts, NULL)) != -1) {
switch (opt) {
@@ -153,12 +152,8 @@ int main (int argc, char **argv) {
mode += PCP_MODE_EXPORT_PUBLIC;
usevault = 1;
break;
case 'P':
mode += PCP_MODE_IMPORT_PUBLIC;
usevault = 1;
break;
case 'S':
mode += PCP_MODE_IMPORT_SECRET;
case 'K':
mode += PCP_MODE_IMPORT;
usevault = 1;
break;
case 'R':
@@ -344,8 +339,7 @@ int main (int argc, char **argv) {
}
break;
case PCP_MODE_IMPORT_PUBLIC:
case PCP_MODE_IMPORT_SECRET:
case PCP_MODE_IMPORT:
if(infile == NULL)
infile = extra;
break;
@@ -436,7 +430,7 @@ int main (int argc, char **argv) {
free(recipient);
break;
case PCP_MODE_IMPORT_PUBLIC:
case PCP_MODE_IMPORT:
if(infile == NULL)
in = stdin;
else {
@@ -446,20 +440,7 @@ int main (int argc, char **argv) {
break;
}
}
pcp_importpublic(vault, in);
break;
case PCP_MODE_IMPORT_SECRET:
if(infile == NULL)
in = stdin;
else {
if((in = fopen(infile, "rb")) == NULL) {
fatal("Could not open input file %s\n", infile);
free(infile);
break;
}
}
pcp_importsecret(in, xpass);
pcp_import(vault, in, xpass);
break;
case PCP_MODE_DELETE_KEY:

5
src/pcp.h
View File

@@ -54,8 +54,8 @@
#define PCP_MODE_LISTKEYS 0x00000004
#define PCP_MODE_EXPORT_SECRET 0x00000009
#define PCP_MODE_EXPORT_PUBLIC 0x00000011
#define PCP_MODE_IMPORT_SECRET 0x00000020
#define PCP_MODE_IMPORT_PUBLIC 0x00000038
#define PCP_MODE_IMPORT 0x00000020
#define PCP_MODE_ENCRYPT_ME 0x00000038
#define PCP_MODE_DELETE_KEY 0x00000061
#define PCP_MODE_TEXT 0x000000A6
#define PCP_MODE_EDIT 0x0000011D
@@ -66,7 +66,6 @@
#define PCP_MODE_SIGN 0x00000FF6
#define PCP_MODE_VERIFY 0x00001B25
#define PCP_MODE_YAML 0x00002E27
#define PCP_MODE_ENCRYPT_ME 0x00004E77
/*
0x00001B25

4
src/usage.h
View File

@@ -2,8 +2,8 @@
#define _HAVE_USAGE_H
#define PCP_HELP "\n" \
"Usage: pcp1 [ --help | --version ]\n" \
" [ --keygen | --listkeys | --remove-key | --edit-key ]\n" \
" [ --export-public | --export-secret | --import-public | --import-secret ]\n" \
" [ --keygen | --listkeys | --remove-key | --edit-key ]\n" \
" [ --export-public | --export-secret | --import ]\n" \
" [ --encrypt | --decrypt ]\n" \
" [ --sign | --check-signature ]\n" \
" [ arguments ]\n" \

4
src/usage.txt
View File

@@ -1,7 +1,7 @@
Usage: pcp1 [ --help | --version ]
[ --keygen | --listkeys | --remove-key | --edit-key ]
[ --export-public | --export-secret | --import-public | --import-secret ]
[ --keygen | --listkeys | --remove-key | --edit-key ]
[ --export-public | --export-secret | --import ]
[ --encrypt | --decrypt ]
[ --sign | --check-signature ]
[ arguments ]

47
tests/unittests.cfg
View File

@@ -142,7 +142,7 @@ dxmorg@florida.cops.gov
</test>
<test check-import-public-key>
cmd = $pcp -V $vault -P -I bart.pub
cmd = $pcp -V $vault -K -I bart.pub
expect = /key $bartid added/
</test>
@@ -197,12 +197,12 @@ temporarily disabled
# alicias part
prepare = echo ${md5msg} > testmessage
<test check-crypto-alicia-import-secret>
cmd = $pcp -V va -S -I key-alicia-sec -x a
cmd = $pcp -V va -K -I key-alicia-sec -x a
expect = /${idalicia}/
</test>
<test check-crypto-alicia-import-bobbys-key>
cmd = $pcp -V va -P -I key-bobby-pub
cmd = $pcp -V va -K -I key-bobby-pub
expect = /${idbobby}/
</test>
@@ -215,12 +215,12 @@ temporarily disabled
<test check-crypto-bobby-init>
# bobbys part
<test check-crypto-bobby-import-secret>
cmd = $pcp -V vb -S -I key-bobby-sec -x b
cmd = $pcp -V vb -K -I key-bobby-sec -x b
expect = /${idbobby}/
</test>
<test check-crypto-alicia-import-alicias-key>
cmd = $pcp -V vb -P -I key-alicia-pub
cmd = $pcp -V vb -K -I key-alicia-pub
expect = /${idalicia}/
</test>
@@ -262,7 +262,7 @@ temporarily disabled
</test>
<test check-vcl-prepare-import-bpub>
cmd = $pcp -V vcl -I key-bobby-pub -P
cmd = $pcp -V vcl -I key-bobby-pub -K
expect = /added/
</test>
@@ -272,12 +272,12 @@ temporarily disabled
</test>
<test check-vcl-import-bsecret>
cmd = $pcp -V vb2 -S -I key-bobby-sec -x b
cmd = $pcp -V vb2 -K -I key-bobby-sec -x b
expect = /${idbobby}/
</test>
<test check-vcl-import-unencrypted-pubkey>
cmd = $pcp -V vb2 -P -I testkeyvcl
cmd = $pcp -V vb2 -K -I testkeyvcl
expect = /added/
</test>
@@ -350,12 +350,12 @@ temporarily disabled
#
# negative tests, check for error handling
<test check-if-catch-conflicting-params>
cmd = $pcp -V $vault -S -P
cmd = $pcp -V $vault -K -K
expect = /invalid combination of commandline parameters/
</test>
<test check-infile-error>
cmd = $pcp -V $vault -I nonexist -P
cmd = $pcp -V $vault -I nonexist -K
expect = /Could not open input file nonexist/
</test>
@@ -414,7 +414,7 @@ temporarily disabled
</test>
<test check-if-export-public-catch-outfile-error>
prepare = $pcp -V $vault -P -I bart.pub
prepare = $pcp -V $vault -K -I bart.pub
cmd = $pcp -V $vault -l | grep public | cut -d ' ' -f 1 \
| tail -1 | xargs $pcp -V $vault -p -O nonexistentdir/keyfile
expect = /Could not create output file nonexistentdir/
@@ -422,13 +422,13 @@ temporarily disabled
<test check-if-catch-empty-input>
prepare = touch testfile-empty
cmd = $pcp -V $vault -P -I testfile-empty
cmd = $pcp -V $vault -K -I testfile-empty
expect = /file is empty/
</test>
<test check-if-catch-missing-newlines>
prepare = perl -e 'print "X" x 5000; print "\n"' > testfile-toolong
cmd = $pcp -V $vault -P -I testfile-toolong
cmd = $pcp -V $vault -K -I testfile-toolong -x x
expect = /failed/
</test>
@@ -439,7 +439,7 @@ temporarily disabled
<test check-if-catch-invalid-z85>
prepare = ./jot 30 | while read ignore; do \
echo XXXXXXXXXXXXXXXXXX; done > testfile-noz85
cmd = $pcp -V $vault -P -I testfile-noz85
cmd = $pcp -V $vault -K -I testfile-noz85
expect = /could not decode input/
</test>
*/
@@ -447,17 +447,12 @@ temporarily disabled
<test check-if-catch-nokey-behind-z85>
prepare = ./jot 30 | while read ignore; do echo XXXXX; done \
| $pcp -z > testfile-nokey
cmd = $pcp -V $vault -P -I testfile-nokey
expect = /failed/
</test>
<test check-if-sanity-catch-nosecret>
cmd = $pcp -V $vault -S -I bart.pub -x a
cmd = $pcp -V $vault -K -I testfile-nokey -x x
expect = /failed/
</test>
<test check-if-sanity-catch-keyexists>
cmd = $pcp -V $vault -P -I bart.pub
cmd = $pcp -V $vault -K -I bart.pub
expect = /there already exists a key/
</test>
@@ -471,26 +466,26 @@ temporarily disabled
prepare = ./invalidkeys
<test check-testkey-wrong-version>
cmd = $pcp -V $vault -S -I testkey-wrong-version -x xxx
cmd = $pcp -V $vault -K -I testkey-wrong-version -x xxx
expect = /unknown key version/
</test>
<test check-testkey-wrong-serial>
cmd = $pcp -V $vault -S -I testkey-wrong-serial -x xxx
cmd = $pcp -V $vault -K -I testkey-wrong-serial -x xxx
expect = /invalid serial number/
</test>
<test check-testkey-wrong-ctime>
cmd = $pcp -V $vault -S -I testkey-invalid-ctime -x xxx
cmd = $pcp -V $vault -K -I testkey-invalid-ctime -x xxx
expect = /invalid creation timestamp/
</test>
/*
<test check-testpubkey-wrong-type>
cmd = $pcp -V $vault -P -I testpubkey-wrong-type
cmd = $pcp -V $vault -K -I testpubkey-wrong-type
expect = /key type is not PUBLIC/
</test>
<test check-testpubkey-wrong-version>
cmd = $pcp -V $vault -P -I testpubkey-wrong-version
cmd = $pcp -V $vault -K -I testpubkey-wrong-version
expect = /unknown key version/
</test>
*/