-C uses facilities of -x and -X

2025-12-17 12:00:56 +01:00 · 2015-07-22 07:59:28 +02:00
parent 362f7dff6b
commit 27a9a96ae4
13 changed files with 180 additions and 175 deletions
--- a/6
+++ b/6
@@ -1,3 +1,9 @@
 NEXT
 	Changed -C again: doesnt support a key argument
 	anymore, instead I use the facilities I already
 	have in place (-x and -X). Also, I don't generate
 	an extra hash for the key anymore.
 0.3.0
 	Changed publuc key signature storage, previously
 	I didn't add the actual signature, therefore a
--- a/6
+++ b/6
@@ -1,7 +1,7 @@
 Installation Instructions
 *************************
-Copyright (C) 1994-1996, 1999-2002, 2004-2012 Free Software Foundation,
+Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
 Inc.
   Copying and distribution of this file, with or without modification,
@@ -12,8 +12,8 @@ without warranty of any kind.
 Basic Installation
 ==================
-   Briefly, the shell commands `./configure; make; make install' should
+   Briefly, the shell command `./configure && make && make install'
-configure, build, and install this package.  The following
+should configure, build, and install this package.  The following
 more-detailed instructions are generic; see the `README' file for
 instructions specific to this package.  Some packages provide this
 `INSTALL' file but do not implement all of the features documented
--- a/bindings/py/pypcp/raw.py
+++ b/bindings/py/pypcp/raw.py
@@ -867,43 +867,7 @@ uint8_t *zmq_z85_decode (uint8_t *dest, char *string);
 char *zmq_z85_encode (char *dest, uint8_t *data, size_t size);'''
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
-EXP_FORMAT_PBP = 2
+PCP_ZFILE_FOOTER = "----- END Z85 ENCODED FILE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ASYM_CIPHER = 5
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_CIPHER = 0x23
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_PK_HEADER = "----- BEGIN ED25519-CURVE29915 PUBLIC KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_HASH_CIPHER = 0x22
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_HASH_NAME = "BLAKE2"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_CRYPTO_ADD = (32 - 16)
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ASYM_CIPHER_SIG = 24
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_SUB_KEYFLAGS = 27
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_SUB_NOTATION = 20
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
@@ -911,37 +875,133 @@ PCP_VAULT_ID = 14
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
-EXP_SK_HEADER = "----- BEGIN ED25519-CURVE29915 PRIVATE KEY -----"
+EXP_FORMAT_PBP = 2
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
-PCP_ENFILE_HEADER = "----- BEGIN PCP ENCRYPTED FILE -----\r\n"
+EXP_SIG_SUB_KEYFLAGS = 27
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_SIG_HEADER = "----- BEGIN ED25519 SIGNED MESSAGE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_SIGPREFIX = "\nnacl-"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ZFILE_FOOTER = "----- END Z85 ENCODED FILE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SK_FOOTER = "----- END ED25519-CURVE29915 PRIVATE KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_SIG_END = "----- END ED25519 SIGNATURE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_CIPHER_NAME = "ED25519"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_PK_HEADER = "----- BEGIN ED25519-CURVE29915 PUBLIC KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SK_FOOTER = "----- END ED25519-CURVE29915 PRIVATE KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ZFILE_HEADER = "----- BEGIN Z85 ENCODED FILE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_SUB_CTIME = 2
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_SIG_HEADER = "----- BEGIN ED25519 SIGNED MESSAGE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_SUB_KEYEXPIRE = 9
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PBP_COMPAT_SALT = "qa~t](84z<1t<1oz:ik.@IRNyhG=8q(on9}4#!/_h#a7wqK{Nt$T?W>,mt8NqYq&6U<GB1$,<$j>,rSYI2GRDd:Bcm"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ASYM_CIPHER_ANON = 6
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_TYPE = 0x1F 
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_SUB_NOTATION = 20
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_SYM_CIPHER = 23
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_CRYPTO_ADD = (32 - 16)
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_SIGPREFIX = "\nnacl-"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_RFC_CIPHER = 0x21 
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_HASH_NAME = "BLAKE2"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ENFILE_FOOTER = "\r\n----- END PCP ENCRYPTED FILE -----\r\n"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_HASH_CIPHER = 0x22
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ASYM_CIPHER_SIG = 24
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_CIPHER = 0x23
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ENFILE_HEADER = "----- BEGIN PCP ENCRYPTED FILE -----\r\n"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ASYM_CIPHER = 5
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_PK_CIPHER_NAME = "CURVE25519-ED25519-POLY1305-SALSA20"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_SIG_START = "----- BEGIN ED25519 SIGNATURE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_BLOCK_SIZE = 32 * 1024
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_SUB_SIGEXPIRE = 3
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_PK_FOOTER = "----- END ED25519-CURVE29915 PUBLIC KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SK_HEADER = "----- BEGIN ED25519-CURVE29915 PRIVATE KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_FORMAT_NATIVE = 1
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ENCRYPT_MAC = 56
@@ -950,65 +1010,5 @@ PCP_ENCRYPT_MAC = 56
 PCP_ME = "Pretty Curved Privacy"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ASYM_CIPHER_ANON = 6
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ENFILE_FOOTER = "\r\n----- END PCP ENCRYPTED FILE -----\r\n"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_SUB_CTIME = 2
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_SIG_START = "----- BEGIN ED25519 SIGNATURE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_ZFILE_HEADER = "----- BEGIN Z85 ENCODED FILE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_SUB_SIGEXPIRE = 3
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_CIPHER_NAME = "ED25519"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_PK_CIPHER = 0x21
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_PK_FOOTER = "----- END ED25519-CURVE29915 PUBLIC KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_SUB_KEYEXPIRE = 9
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_FORMAT_NATIVE = 1
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_SYM_CIPHER = 23
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_PK_CIPHER_NAME = "CURVE25519-ED25519-POLY1305-SALSA20"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PBP_COMPAT_SALT = "qa~t](84z<1t<1oz:ik.@IRNyhG=8q(on9}4#!/_h#a7wqK{Nt$T?W>,mt8NqYq&6U<GB1$,<$j>,rSYI2GRDd:Bcm"
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 PCP_BLOCK_SIZE = 32 * 1024
 # ./gencffi.pl: from ../../include/pcp/defines.h:172
 EXP_SIG_TYPE = 0x1F 
--- a/include/pcp/config.h.in
+++ b/include/pcp/config.h.in
@@ -160,9 +160,6 @@
   */
 #undef LT_OBJDIR
 /* Define to 1 if your C compiler doesn't accept -c and -o together. */
 #undef NO_MINUS_C_MINUS_O
 /* Name of package */
 #undef PACKAGE
--- a/man/options.pod
+++ b/man/options.pod
@@ -9,6 +9,8 @@
                           will be used.
 -I --infile <file>        Input file. If not specified, stdin
                           will be used.
 -x --xpass <passwd>       Provide password. B<INSECURE>! Use for
                           testing or debugging only!
 -X --password-file <file> Read passphrase from <file>. If <file>
                           is -, read from stdin. This takes
                           precedence over other uses of stdin
@@ -132,11 +134,9 @@
                           uses stdin/stdout
 Misc Options:
- -C --checksum [<key>]     Calculate a Blake2b checksum of one or more files.
+ -C --checksum             Calculate a Blake2b checksum of one or more files.
-                           If <key> is provided, an authenticated hash will
+                           If -x is provided, an authenticated hash will
-                           be calculated, otherwise a normal hash. If you don't
+                           be calculated, otherwise a normal hash.
                           want to generate an authenticated hash, specify
                           -- after -C.
                           Use -I to specify one file or put multiple file
                           names after -C like "pcp1 -C -- file1 file2 file3".
--- a/man/pcp1.1
+++ b/man/pcp1.1
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PCP1 1"
-.TH PCP1 1 "2015-07-21" "PCP 0.3.0" "USER CONTRIBUTED DOCUMENTATION"
+.TH PCP1 1 "2015-07-22" "PCP 0.3.0" "USER CONTRIBUTED DOCUMENTATION"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -158,6 +158,8 @@ Pretty Curved Privacy \- File encryption using eliptic curve cryptography.
 \&  \-V \-\-vault <vaultfile>    Specify an alternate vault file.
 \&  \-O \-\-outfile <file>       Output file. STDOUT if unspecified.
 \&  \-I \-\-infile <file>        Input file. STDIN if unspecified.
 \&  \-x \-\-xpass <passwd>       Provide password. INSECURE! Use for testing
 \&                            or debugging only!
 \&  \-X \-\-password\-file <file> Read passphrase from <file>.
 \&  \-i \-\-keyid <id>           Specify a key id for various operations.
 \&  \-r \-\-recipient <string>   Specify a recpipient, multiple allowed.
@@ -193,7 +195,8 @@ Pretty Curved Privacy \- File encryption using eliptic curve cryptography.
 \&  \-a \-\-armor \-\-textmode     same as \-z
 \&  
 \&  Misc Options:
-\&  \-C \-\-checksum [<key>]     calculate a Blake2 checksum of one or more files.
+\&  \-C \-\-checksum             calculate a Blake2 checksum of one or more files.
 \&                            add \-x <key> to compute an authenticated hash.
 \&  
 \&  Arguments:
 \&  Extra arguments after options are treated as filenames or
@@ -209,6 +212,8 @@ Pretty Curved Privacy \- File encryption using eliptic curve cryptography.
 \&                           will be used.
 \& \-I \-\-infile <file>        Input file. If not specified, stdin
 \&                           will be used.
 \& \-x \-\-xpass <passwd>       Provide password. B<INSECURE>! Use for
 \&                           testing or debugging only!
 \& \-X \-\-password\-file <file> Read passphrase from <file>. If <file>
 \&                           is \-, read from stdin. This takes
 \&                           precedence over other uses of stdin
@@ -332,11 +337,9 @@ Pretty Curved Privacy \- File encryption using eliptic curve cryptography.
 \&                           uses stdin/stdout
 \& 
 \& Misc Options:
-\& \-C \-\-checksum [<key>]     Calculate a Blake2b checksum of one or more files.
+\& \-C \-\-checksum             Calculate a Blake2b checksum of one or more files.
-\&                           If <key> is provided, an authenticated hash will
+\&                           If \-x is provided, an authenticated hash will
-\&                           be calculated, otherwise a normal hash. If you don\*(Aqt
+\&                           be calculated, otherwise a normal hash.
 \&                           want to generate an authenticated hash, specify
 \&                           \-\- after \-C.
 \&                           Use \-I to specify one file or put multiple file
 \&                           names after \-C like "pcp1 \-C \-\- file1 file2 file3".
 .Ve
--- a/man/pcp1.html
+++ b/man/pcp1.html
@@ -86,6 +86,8 @@
  -V --vault &lt;vaultfile&gt;    Specify an alternate vault file.
  -O --outfile &lt;file&gt;       Output file. STDOUT if unspecified.
  -I --infile &lt;file&gt;        Input file. STDIN if unspecified.
  -x --xpass &lt;passwd&gt;       Provide password. INSECURE! Use for testing
                            or debugging only!
  -X --password-file &lt;file&gt; Read passphrase from &lt;file&gt;.
  -i --keyid &lt;id&gt;           Specify a key id for various operations.
  -r --recipient &lt;string&gt;   Specify a recpipient, multiple allowed.
@@ -121,7 +123,8 @@
  -a --armor --textmode     same as -z
  Misc Options:
-  -C --checksum [&lt;key&gt;]     calculate a Blake2 checksum of one or more files.
+  -C --checksum             calculate a Blake2 checksum of one or more files.
                            add -x &lt;key&gt; to compute an authenticated hash.
  Arguments:
  Extra arguments after options are treated as filenames or
@@ -137,6 +140,8 @@
                           will be used.
 -I --infile &lt;file&gt;        Input file. If not specified, stdin
                           will be used.
 -x --xpass &lt;passwd&gt;       Provide password. B&lt;INSECURE&gt;! Use for
                           testing or debugging only!
 -X --password-file &lt;file&gt; Read passphrase from &lt;file&gt;. If &lt;file&gt;
                           is -, read from stdin. This takes
                           precedence over other uses of stdin
@@ -260,11 +265,9 @@
                           uses stdin/stdout
 Misc Options:
- -C --checksum [&lt;key&gt;]     Calculate a Blake2b checksum of one or more files.
+ -C --checksum             Calculate a Blake2b checksum of one or more files.
-                           If &lt;key&gt; is provided, an authenticated hash will
+                           If -x is provided, an authenticated hash will
-                           be calculated, otherwise a normal hash. If you don&#39;t
+                           be calculated, otherwise a normal hash.
                           want to generate an authenticated hash, specify
                           -- after -C.
                           Use -I to specify one file or put multiple file
                           names after -C like &quot;pcp1 -C -- file1 file2 file3&quot;.
 </code></pre>
--- a/man/pcp1.pod
+++ b/man/pcp1.pod
@@ -21,6 +21,8 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
  -V --vault <vaultfile>    Specify an alternate vault file.
  -O --outfile <file>       Output file. STDOUT if unspecified.
  -I --infile <file>        Input file. STDIN if unspecified.
  -x --xpass <passwd>       Provide password. INSECURE! Use for testing
                            or debugging only!
  -X --password-file <file> Read passphrase from <file>.
  -i --keyid <id>           Specify a key id for various operations.
  -r --recipient <string>   Specify a recpipient, multiple allowed.
@@ -56,7 +58,8 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
  -a --armor --textmode     same as -z
  Misc Options:
-  -C --checksum [<key>]     calculate a Blake2 checksum of one or more files.
+  -C --checksum             calculate a Blake2 checksum of one or more files.
                            add -x <key> to compute an authenticated hash.
  Arguments:
  Extra arguments after options are treated as filenames or
@@ -72,6 +75,8 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
                           will be used.
 -I --infile <file>        Input file. If not specified, stdin
                           will be used.
 -x --xpass <passwd>       Provide password. B<INSECURE>! Use for
                           testing or debugging only!
 -X --password-file <file> Read passphrase from <file>. If <file>
                           is -, read from stdin. This takes
                           precedence over other uses of stdin
@@ -195,11 +200,9 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
                           uses stdin/stdout
 Misc Options:
- -C --checksum [<key>]     Calculate a Blake2b checksum of one or more files.
+ -C --checksum             Calculate a Blake2b checksum of one or more files.
-                           If <key> is provided, an authenticated hash will
+                           If -x is provided, an authenticated hash will
-                           be calculated, otherwise a normal hash. If you don't
+                           be calculated, otherwise a normal hash.
                           want to generate an authenticated hash, specify
                           -- after -C.
                           Use -I to specify one file or put multiple file
                           names after -C like "pcp1 -C -- file1 file2 file3".
--- a/src/encryption.c
+++ b/src/encryption.c
@@ -363,16 +363,10 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
 void pcpchecksum(char **files, int filenum, char *key) {
  int i;
  byte *checksum = ucmalloc(crypto_generichash_BYTES_MAX);
-  byte *keyhash = NULL;
+  size_t keylen = 0;
  size_t hashlen = 0;
-  if(key != NULL) {
+  if(key != NULL)
-    keyhash = ucmalloc(crypto_generichash_BYTES);
+    keylen = strlen(key);
    crypto_generichash(keyhash, crypto_generichash_BYTES,
 		       (byte *)key, strlen(key),
 		       NULL, crypto_generichash_BYTES);
    hashlen = crypto_generichash_BYTES;
  }
  for(i=0; i<filenum; i++) {
    FILE *in;
@@ -387,7 +381,7 @@ void pcpchecksum(char **files, int filenum, char *key) {
      }
    }
    Pcpstream *pin = ps_new_file(in);
-    if(pcp_checksum(ptx, pin, checksum, keyhash, hashlen) > 0) {
+    if(pcp_checksum(ptx, pin, checksum, (byte *)key, keylen) > 0) {
      char *hex = _bin2hex(checksum, crypto_generichash_BYTES_MAX);
      fprintf(stdout, "BLAKE2b (%s) = %s\n", files[i], hex);
      free(hex);
@@ -397,7 +391,4 @@ void pcpchecksum(char **files, int filenum, char *key) {
  }
  free(checksum);
  if(keyhash != NULL)
    free(keyhash);
 }
--- a/src/pcp.c
+++ b/src/pcp.c
@@ -114,7 +114,7 @@ int main (int argc, char **argv)  {
    { "decrypt",         no_argument,       NULL,           'd' },
    { "anonymous",       no_argument,       NULL,           'A' },
    { "add-myself",      no_argument,       NULL,           'M' },
-    { "checksum",        optional_argument, NULL,           'C' },
+    { "checksum",        no_argument,       NULL,           'C' },
    /*  encoding */
    { "z85-encode",      no_argument,       NULL,           'z' },
@@ -136,7 +136,7 @@ int main (int argc, char **argv)  {
    { NULL,              0,                 NULL,            0 }
  };
-  while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:jC:",
+  while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:jC",
 			    longopts, NULL)) != -1) {
    switch (opt)  {
@@ -233,10 +233,6 @@ int main (int argc, char **argv)  {
 	break;
      case 'C':
 	mode += PCP_MODE_CHECKSUM;
 	if(strlen(optarg) > 0 && strncmp(optarg, "--", 3) > 0) {
 	  xpass = smalloc(strlen(optarg)+1);
 	  strncpy(xpass, optarg, strlen(optarg)+1);
 	}
 	break;	
      case 'f':
 	sigfile = ucmalloc(strlen(optarg)+1);
--- a/src/usage.h
+++ b/src/usage.h
@@ -16,6 +16,8 @@
 "-V --vault <vaultfile>    Specify an alternate vault file.\n" \
 "-O --outfile <file>       Output file. STDOUT if unspecified.\n" \
 "-I --infile <file>        Input file. STDIN if unspecified.\n" \
 "-x --xpass <passwd>       Provide password. INSECURE! Use for testing\n" \
 "                          or debugging only!\n" \
 "-X --password-file <file> Read passphrase from <file>.\n" \
 "-i --keyid <id>           Specify a key id for various operations.\n" \
 "-r --recipient <string>   Specify a recpipient, multiple allowed.\n" \
@@ -51,7 +53,8 @@
 "-a --armor --textmode     same as -z\n" \
 "\n" \
 "Misc Options:\n" \
-"-C --checksum [<key>]     calculate a Blake2 checksum of one or more files.\n" \
+"-C --checksum             calculate a Blake2 checksum of one or more files.\n" \
 "                          add -x <key> to compute an authenticated hash.\n" \
 "\n" \
 "Arguments:\n" \
 "Extra arguments after options are treated as filenames or\n" \
--- a/src/usage.txt
+++ b/src/usage.txt
@@ -14,6 +14,8 @@ General Options:
 -V --vault <vaultfile>    Specify an alternate vault file.
 -O --outfile <file>       Output file. STDOUT if unspecified.
 -I --infile <file>        Input file. STDIN if unspecified.
 -x --xpass <passwd>       Provide password. INSECURE! Use for testing
                          or debugging only!
 -X --password-file <file> Read passphrase from <file>.
 -i --keyid <id>           Specify a key id for various operations.
 -r --recipient <string>   Specify a recpipient, multiple allowed.
@@ -49,7 +51,8 @@ Encoding Options:
 -a --armor --textmode     same as -z
 Misc Options:
-C --checksum [<key>]     calculate a Blake2 checksum of one or more files.
+-C --checksum             calculate a Blake2 checksum of one or more files.
                          add -x <key> to compute an authenticated hash.
 Arguments:
 Extra arguments after options are treated as filenames or
--- a/tests/unittests.cfg
+++ b/tests/unittests.cfg
@@ -574,22 +574,22 @@ temporarily disabled
 # checksum tests
 <test checksums>
  blake2     = 5baec1cad5bf54287028749d83f2bf3e3ed09f0ee38a233f35dbda1361c6a67fd824e17c86ee3a85181038eb44836c17c42e6beff17fdf997075417914056992
-  blake2auth = 6d74340db1e77021861443d6cc0d1acedefed8c6d863789778ed800b99d32b6c96b782d087209ea180e983af51bd649064eff58ef0826c8996ae8017c35082b3
+  blake2auth = d7fff04bd63004f7a2ba914d9b2ccff22827230d3c546d97ebaa29cbe9fb2380b7948bc799486d512b4355c24f0cce423e746419098d4455af91898c4a06a5df
  key        = 9U3Dk2s
  <test check-checksum-copying>
-    cmd = $pcp -C -- ../COPYING
+    cmd = $pcp -C ../COPYING
    expect = /$blake2/
  </test>
  <test check-checksum-authenticated-copying>
-    cmd = $pcp -C $key ../COPYING
+    cmd = $pcp -x $key -C ../COPYING
    expect = /$blake2auth/
  </test>
  <test check-checksum-copying-stdin>
-    cmd = $pcp -C -- < ../COPYING
+    cmd = $pcp -C < ../COPYING
    expect = /$blake2/
  </test>
  <test check-checksum-multiple>
-    cmd = $pcp -C -- ../COPYING ../README
+    cmd = $pcp -C ../COPYING ../README
    expect = /README/
  </test>
 </test>