abandoned yaml, perl and c key exporters, added json exporter using libjansson, enable with --with-json

2025-12-17 03:50:57 +01:00 · 2015-07-06 23:02:04 +02:00
parent 325493189d
commit 57517a1000
21 changed files with 267 additions and 309 deletions
--- a/11
+++ b/11
@@ -1,4 +1,15 @@
 NEXT
 	Added JSON key export support using libjansson.
 	Abandoned YAML, perl and C key export support,
 	better doing one external format but doing it
 	good. Also, I had no importers for those formats
 	but I'll add a JSON importer.
 	Removed -y for YAML vault export as well. Maybe
 	I'll add a parameter to -p or -s so one can
 	select which key[s] to export.
 	removed hand-written padding stuff and using
 	libsodiums _easy() functions for crypto now
 	instead of the raw nacl ones. instead we use
--- a/12
+++ b/12
@@ -1,7 +1,7 @@
 Installation Instructions
 *************************
-Copyright (C) 1994-1996, 1999-2002, 2004-2011 Free Software Foundation,
+Copyright (C) 1994-1996, 1999-2002, 2004-2013 Free Software Foundation,
 Inc.
   Copying and distribution of this file, with or without modification,
@@ -12,8 +12,8 @@ without warranty of any kind.
 Basic Installation
 ==================
-   Briefly, the shell commands `./configure; make; make install' should
+   Briefly, the shell command `./configure && make && make install'
-configure, build, and install this package.  The following
+should configure, build, and install this package.  The following
 more-detailed instructions are generic; see the `README' file for
 instructions specific to this package.  Some packages provide this
 `INSTALL' file but do not implement all of the features documented
@@ -309,9 +309,10 @@ causes the specified `gcc' to be used as the C compiler (unless it is
 overridden in the site shell script).
 Unfortunately, this technique does not work for `CONFIG_SHELL' due to
-an Autoconf bug.  Until the bug is fixed you can use this workaround:
+an Autoconf limitation.  Until the limitation is lifted, you can use
 this workaround:
-     CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+     CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash
 `configure' Invocation
 ======================
@@ -367,4 +368,3 @@ operates.
 `configure' also accepts some other, not widely useful, options.  Run
 `configure --help' for more details.
--- a/8
+++ b/8
@@ -1,3 +1,11 @@
 JSON:
 - export secret as json
 - import pub und secret as json
 - export vault as json
 detach keysig generation from pub key export, so that an existing
 keysig can be verified later.
 key++: normalize id and lc()
 allow signing using an alternate secret key, like in pcpdecrypt()
--- a/configure.ac
+++ b/configure.ac
@@ -143,6 +143,7 @@ AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
 _havenacl=no
 _ldlib=""
 _have_json=no
 AC_ARG_WITH([libsodium],
            [AS_HELP_STRING([--with-libsodium],
@@ -223,6 +224,20 @@ if test "x${_havenacl}" != "xno" -a "x$cross_compile" = "xno"; then
 fi
 AC_ARG_WITH([json],
            [AS_HELP_STRING([--with-json],
                            [enable JSON support])],
            [search_json="yes"],
            [])
 if test "x$search_json" = "xyes"; then
    # use pkg only
    _have_json="yes"
    LDFLAGS="$LDFLAGS -ljansson"
    CFLAGS="$CFLAGS -DHAVE_JSON=1"
 fi
 # Check for some target-specific stuff
 case "$host" in
    *aix*)
@@ -411,6 +426,7 @@ AC_MSG_RESULT([
 	build python binding:   ${python}
 	build c++ binding:      ${enable_cpp_binding}
 	json support            ${_have_json}
    Type 'make' to build, 'make install' to install.
    To execute unit tests, type 'make test'.
 ])
--- a/include/pcp/config.h.in
+++ b/include/pcp/config.h.in
@@ -160,9 +160,6 @@
   */
 #undef LT_OBJDIR
 /* Define to 1 if your C compiler doesn't accept -c and -o together. */
 #undef NO_MINUS_C_MINUS_O
 /* Name of package */
 #undef PACKAGE
--- a/include/pcp/defines.h
+++ b/include/pcp/defines.h
@@ -163,10 +163,6 @@ typedef enum _PCP_KEY_TYPES {
 /* pubkey export formats */
 #define EXP_FORMAT_NATIVE   1
 #define EXP_FORMAT_PBP      2
 #define EXP_FORMAT_YAML     3
 #define EXP_FORMAT_C        4
 #define EXP_FORMAT_PY       5
 #define EXP_FORMAT_PERL     6
--- a/include/pcp/mgmt.h
+++ b/include/pcp/mgmt.h
@@ -47,6 +47,10 @@
 #include <stdio.h>
 #include <time.h>
 #ifdef HAVE_JSON
 #include <jansson.h>
 #endif
 #include "defines.h"
 #include "platform.h"
 #include "structs.h"
@@ -58,7 +62,7 @@
 #include "scrypt.h"
 #include "context.h"
-/* key management api, export, import, yaml and stuff */
+/* key management api, export, import, and stuff */
 /**
@@ -163,7 +167,8 @@
        blob in the format described above.
 */
-Buffer *pcp_export_rfc_pub (pcp_key_t *sk);
+Buffer *pcp_export_rfc_pub (PCPCTX *ptx, pcp_key_t *sk);
 /** Export a public key in PBP format.
@@ -178,39 +183,6 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk);
 */
 Buffer *pcp_export_pbp_pub(pcp_key_t *sk);
 /** Export a public key in yaml format.
    Export a public key in yaml format.
    \param sk a secret key structure of type pcp_key_t. The secret keys
            in there have to be already decrypted.
    \return the function returns a Buffer object containing the binary
            blob containing a YAML string.
 */
 Buffer *pcp_export_yaml_pub(pcp_key_t *sk);
 /** Export a public key in perl code format.
    Export a public key in perl code format.
    \param sk a secret key structure of type pcp_key_t. The secret keys
            in there have to be already decrypted.
    \return the function returns a Buffer object containing the binary
            blob containing a perl code string (a hash definition).
 */
 Buffer *pcp_export_perl_pub(pcp_key_t *sk);
 /** Export a public key in C code format.
    Export a public key in C code format.
    \param sk a secret key structure of type pcp_key_t. The secret keys
            in there have to be already decrypted.
    \return the function returns a Buffer object containing the binary
            blob containing a C code string.
 */
 Buffer *pcp_export_c_pub(pcp_key_t *sk);
 /** Export secret key.
   Export a secret key.
@@ -255,6 +227,37 @@ Buffer *pcp_export_c_pub(pcp_key_t *sk);
 */
 Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase);
 #ifdef HAVE_JSON
 /** Export public key in JSON format
    \param[in] sk a secret key structure of type pcp_key_t. The secret keys
            in there have to be already decrypted.
    \param[in] sig the keysig blob.
    \return the function returns a Buffer object containing the binary
            blob containing a JSON string.
 */
 Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig);
 /** Export secret key in JSON format
    \param[in] sk a secret key structure of type pcp_key_t. The secret keys
            in there have to be already decrypted.
    \param[in] nonce the nonce used to encrypt secret keys
    \param[in] cipher the encrypted secret keys
    \param[in] clen len of cipher
    \return the function returns a Buffer object containing the binary
            blob containing a JSON string.
 */
 Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *cipher, size_t clen);
 json_t *pcp_pub2jsont(pcp_key_t *sk, byte *sig);
 #endif
 pcp_ks_bundle_t *pcp_import_binpub(PCPCTX *ptx, byte *raw, size_t rawsize);
 pcp_ks_bundle_t *pcp_import_pub(PCPCTX *ptx, byte *raw, size_t rawsize); /* FIXME: deprecate */
 pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob);
--- a/include/pcp/structs.h
+++ b/include/pcp/structs.h
@@ -195,7 +195,9 @@ struct _pcp_ctx_t {
  byte pcp_errset;  /**< indicates if an error occurred. */
  int  pcp_exit;    /**< exit code for pcp commandline utility */
  int  verbose;     /**< enable verbose output */
-
+#ifdef HAVE_JSON
  int  json;        /**< enable json i/o */
 #endif
  pcp_key_t *pcpkey_hash;       /**< hash containing for keys */
  pcp_pubkey_t *pcppubkey_hash; /**< hash for keys. */
  pcp_keysig_t *pcpkeysig_hash; /**< hash for key sigs */
--- a/include/pcp/util.h
+++ b/include/pcp/util.h
@@ -99,6 +99,16 @@ void _xorbuf(byte *iv, byte *buf, size_t xlen);
 */
 void _dump(char *n, byte *d, size_t s);
 /** return hex string of binary data
    \param[in] bin byte array
    \param[in] len size of byte array
    \return Returns malloc'd hex string. Caller must free.
 */
 char *_bin2hex(byte *bin, size_t len);
 #endif /*  _HAVE_PCP_UTIL_H */
 /**@}*/
--- a/libpcp/context.c
+++ b/libpcp/context.c
@@ -36,6 +36,9 @@ PCPCTX *ptx_new() {
  p->pcp_errset = 0;
  p->pcp_exit = 0;
  p->verbose = 0;
 #ifdef HAVE_JSON
  p->json = 0;
 #endif
  p->pcpkey_hash = NULL;
  p->pcppubkey_hash = NULL;
  p->pcpkeysig_hash = NULL;
--- a/libpcp/mgmt.c
+++ b/libpcp/mgmt.c
@@ -443,121 +443,110 @@ pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob) {
  return NULL;
 }
-Buffer *pcp_export_yaml_pub(pcp_key_t *sk) {
+#ifdef HAVE_JSON
  Buffer *b = buffer_new_str("yamlbuf");
  struct tm *c;
  time_t t = time(0);
  c = localtime(&t);
-  buffer_add_str(b, "#\n# YAML export of public key\n");
+json_t *pcp_pub2jsont(pcp_key_t *sk, byte *sig) {
-  buffer_add_str(b, "# Generated on: %04d-%02d-%02dT%02d:%02d:%02d\n",
+  json_t *jout;
-		 c->tm_year+1900, c->tm_mon+1, c->tm_mday,
+  char *cryptpub, *sigpub, *masterpub, *ssig;
-		 c->tm_hour, c->tm_min, c->tm_sec);
+ 
-  buffer_add_str(b, "---\n");
+  char *jformat = "{sssssssisisisissssssssssss}";
  buffer_add_str(b, "id:         %s\n", sk->id);
  buffer_add_str(b, "owner:      %s\n", sk->owner);
  buffer_add_str(b, "mail:       %s\n", sk->mail);
  buffer_add_str(b, "ctime:      %ld\n", (long int)sk->ctime);
  buffer_add_str(b, "version:    %08x\n", sk->version);
  buffer_add_str(b, "serial:     %08x\n", sk->serial);
  buffer_add_str(b, "type:       public\n");
  buffer_add_str(b, "cryptpub:   "); buffer_add_hex(b, sk->pub, 32); buffer_add_str(b, "\n");
  buffer_add_str(b, "sigpub:     "); buffer_add_hex(b, sk->edpub, 32); buffer_add_str(b, "\n");
  buffer_add_str(b, "masterpub:  "); buffer_add_hex(b, sk->masterpub, 32); buffer_add_str(b, "\n");
  return b;
 }
 Buffer *pcp_export_perl_pub(pcp_key_t *sk) {
  Buffer *b = buffer_new_str("perlbuf");
  struct tm *c;
  time_t t = time(0);
  c = localtime(&t);
  size_t i;
  buffer_add_str(b, "#\n# Perl export of public key\n");
  buffer_add_str(b, "# Generated on: %04d-%02d-%02dT%02d:%02d:%02d\n",
 		 c->tm_year+1900, c->tm_mon+1, c->tm_mday,
 		 c->tm_hour, c->tm_min, c->tm_sec);
  buffer_add_str(b, "# \nmy %%key = (\n");
  buffer_add_str(b, "            id       => \"%s\",\n", sk->id);
  buffer_add_str(b, "            owner    => \"%s\",\n", sk->owner);
  buffer_add_str(b, "            mail     => '%s',\n", sk->mail); 
  buffer_add_str(b, "            ctime    => %ld,\n", (long int)sk->ctime);
  buffer_add_str(b, "            version  => x%08x,\n", sk->version);
  buffer_add_str(b, "            serial   => x%08x,\n", sk->serial);
  buffer_add_str(b, "            type     => \"public\",\n");
  buffer_add_str(b, "            cryptpub => [");
  for (i=0; i<31; ++i) {
    buffer_add_str(b, "x%02x,", sk->pub[i]);
    if(i % 8 == 7 && i > 0)
      buffer_add_str(b, "\n                          ");
  }
  buffer_add_str(b, "x%02x],\n", sk->pub[31]);
  buffer_add_str(b, "            sigpub =>    [");
  for (i=0; i<31; ++i) {
    buffer_add_str(b, "x%02x,", sk->edpub[i]);
    if(i % 8 == 7 && i > 0)
      buffer_add_str(b, "\n                          ");
  }
  buffer_add_str(b, "x%02x],\n", sk->edpub[31]);
-  buffer_add_str(b, "            masterpub => [");
+  cryptpub = _bin2hex(sk->pub, 32);
-  for (i=0; i<31; ++i) {
+  sigpub   = _bin2hex(sk->edpub, 32);
-    buffer_add_str(b, "x%02x,", sk->masterpub[i]);
+  masterpub= _bin2hex(sk->masterpub, 32);
    if(i % 8 == 7 && i > 0)
      buffer_add_str(b, "\n                          ");
  }
  buffer_add_str(b, "x%02x]\n", sk->masterpub[31]);
  buffer_add_str(b, ");\n");
-
+  if(sig != NULL) {
-  return b;
+    ssig     = _bin2hex(sig, crypto_sign_BYTES + crypto_generichash_BYTES_MAX);
 }
 void pcp_export_c_pub_var(Buffer *b, char *var, byte *d, size_t len) {
  buffer_add_str(b, "byte %s[%ld] = {\n  ", var, len);
  size_t i;
  for(i=0; i<len-1; ++i) {
    buffer_add_str(b, "0x%02x, ", (unsigned int)d[i]);
    if (i % 8 == 7) buffer_add_str(b, "\n  ");
  }
-  buffer_add_str(b, "0x%02x\n};\n", (unsigned int)d[i]);
+  else {
    ssig = malloc(1);
    ssig[0] = '\0';
    jformat = "{sssssssisisisissssssssss}";
  }
  jout = json_pack(jformat,
 		   "id", sk->id,
 		   "owner", sk->owner,
 		   "mail", sk->mail,
 		   "ctime", (int)sk->ctime,
 		   "expire", (int)sk->ctime+31536000,
 		   "version", (int)sk->version,
 		   "serial", (int)sk->serial,
 		   "type", "public",
 		   "cipher", EXP_PK_CIPHER_NAME,
 		   "cryptpub", cryptpub,
 		   "sigpub", sigpub,
 		   "masterpub", masterpub,
 		   "signature", ssig
 		   );
  free(cryptpub);
  free(sigpub);
  free(masterpub);
  if(sig != NULL)
    free(ssig);
  return jout;
 }
-Buffer *pcp_export_c_pub(pcp_key_t *sk) {
+Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *cipher, size_t clen) {
-  Buffer *b = buffer_new_str("c-buf");
+  Buffer *b = buffer_new_str("jsonbuf");
-  struct tm *c;
+  char *jdump, *xcipher, *xnonce;
-  time_t t = time(0);
+  json_t *jout;
-  c = localtime(&t);
+  json_error_t jerror;
  assert(ptx->json);
-  buffer_add_str(b, "/*\n * C export of public key\n");
+  jout = pcp_pub2jsont(sk, NULL);
  buffer_add_str(b, " * Generated on: %04d-%02d-%02dT%02d:%02d:%02d\n",
 		 c->tm_year+1900, c->tm_mon+1, c->tm_mday,
 		 c->tm_hour, c->tm_min, c->tm_sec);
  buffer_add_str(b, " */\n");
-  buffer_add_str(b, "char id[] = \"%s\";\n", sk->id);
+  xcipher = _bin2hex(cipher, clen);
-  buffer_add_str(b, "char owner[] = \"%s\";\n", sk->owner);
+  xnonce  = _bin2hex(nonce, crypto_secretbox_NONCEBYTES);
  buffer_add_str(b, "char mail[] = \"%s\";\n", sk->mail);
  buffer_add_str(b, "uint64_t ctime = %ld;\n", sk->ctime);
  buffer_add_str(b, "uint32_t version = 0x%08x;\n", sk->version);
  buffer_add_str(b, "uint32_t serial = 0x%08x;\n", sk->serial);
  buffer_add_str(b, "char[] type = \"public\";\n");
-  pcp_export_c_pub_var(b, "cryptpub", sk->pub, 32);
+  json_object_set(jout, "type", json_string("secret"));
-  pcp_export_c_pub_var(b, "sigpub", sk->pub, 32);
+  json_object_set(jout, "secrets", json_string(xcipher));
-  pcp_export_c_pub_var(b, "masterpub", sk->pub, 32);
+  json_object_set(jout, "nonce", json_string(xnonce));
  jdump  = json_dumps(jout, JSON_INDENT(4) | JSON_PRESERVE_ORDER);
  if(jdump != NULL) {
    buffer_add_str(b, jdump);
    free(jdump);
  }
  else {
    fatal(ptx, "JSON encoding error: %s", jerror);
  }
  json_decref(jout);
  return b;
 }
 Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig) {
  Buffer *b = buffer_new_str("jsonbuf");
  char *jdump;
  json_t *jout;
  json_error_t jerror;
  assert(ptx->json);
  jout = pcp_pub2jsont(sk, sig);
  jdump  = json_dumps(jout, JSON_INDENT(4) | JSON_PRESERVE_ORDER);
  if(jdump != NULL) {
    buffer_add_str(b, jdump);
    free(jdump);
  }
  else {
    fatal(ptx, "JSON encoding error: %s", jerror);
  }
  json_decref(jout);
  return b;
 }
 #endif
 Buffer *pcp_export_pbp_pub(pcp_key_t *sk) {
  struct tm *v, *c;
  byte *signature = NULL;
@@ -611,10 +600,11 @@ Buffer *pcp_export_pbp_pub(pcp_key_t *sk) {
 }
-Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
+Buffer *pcp_export_rfc_pub (PCPCTX *ptx, pcp_key_t *sk) {
  Buffer *out = buffer_new(320, "exportbuf");
  Buffer *raw = buffer_new(256, "keysigbuf");
  /* add the header */
  buffer_add8(out, PCP_KEY_VERSION);
  buffer_add64be(out, sk->ctime);
@@ -710,6 +700,15 @@ Buffer *pcp_export_rfc_pub (pcp_key_t *sk) {
  /* append the signed hash */
  buffer_add(out, sig, crypto_sign_BYTES + crypto_generichash_BYTES_MAX);
 #ifdef HAVE_JSON
  if(ptx->json) {
    Buffer *jout = pcp_export_json_pub(ptx, sk, sig);
    buffer_free(out);
    out = jout;
  }
 #endif
  /* and that's it. wasn't that easy? :) */
  buffer_free(raw);
  memset(hash, 0, crypto_generichash_BYTES_MAX);
@@ -727,43 +726,65 @@ Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase) {
  size_t es;
  Buffer *raw = buffer_new(512, "secretbuf");
-  Buffer *out = buffer_new(512, "secretciperblob");
+  Buffer *out = buffer_new(512, "secretcipherblob");
  buffer_add(raw, sk->mastersecret, 64);
  buffer_add(raw, sk->secret, 32);
  buffer_add(raw, sk->edsecret, 64);
-  buffer_add(raw, sk->masterpub, 32);
+#ifdef HAVE_JSON
-  buffer_add(raw, sk->pub, 32);
+  if(! ptx->json) {
-  buffer_add(raw, sk->edpub, 32);
+    /* only encrypt everything if exporting in native format */
 #endif
-  if(strlen(sk->owner) > 0) {
+    buffer_add(raw, sk->masterpub, 32);
-    buffer_add16be(raw, strlen(sk->owner));
+    buffer_add(raw, sk->pub, 32);
-    buffer_add(raw, sk->owner,  strlen(sk->owner));
+    buffer_add(raw, sk->edpub, 32);
    if(strlen(sk->owner) > 0) {
      buffer_add16be(raw, strlen(sk->owner));
      buffer_add(raw, sk->owner,  strlen(sk->owner));
    }
    else
      buffer_add16be(raw, 0);
    if(strlen(sk->mail) > 0) {
      buffer_add16be(raw, strlen(sk->mail));
      buffer_add(raw, sk->mail, strlen(sk->mail));
    }
    else
      buffer_add16be(raw, 0);
    buffer_add64be(raw, sk->ctime);
    buffer_add32be(raw, sk->version);
    buffer_add32be(raw, sk->serial);
 #ifdef HAVE_JSON
  }
-  else
+#endif
-    buffer_add16be(raw, 0);
+  
  if(strlen(sk->mail) > 0) {
    buffer_add16be(raw, strlen(sk->mail));
    buffer_add(raw, sk->mail, strlen(sk->mail));
  }
  else
    buffer_add16be(raw, 0);
  buffer_add64be(raw, sk->ctime);
  buffer_add32be(raw, sk->version);
  buffer_add32be(raw, sk->serial);
  nonce = ucmalloc(crypto_secretbox_NONCEBYTES);
  arc4random_buf(nonce, crypto_secretbox_NONCEBYTES);
  symkey = pcp_scrypt(ptx, passphrase, strlen(passphrase), nonce, crypto_secretbox_NONCEBYTES);
  es = pcp_sodium_mac(&cipher, buffer_get(raw), buffer_size(raw), nonce, symkey);
-  buffer_add(out, nonce, crypto_secretbox_NONCEBYTES);
+#ifdef HAVE_JSON
-  buffer_add(out, cipher, es);
+  if(ptx->json) {
    Buffer *jout = pcp_export_json_secret(ptx, sk, nonce, cipher, es);
    buffer_free(out);
    out = jout;
  }
  else {
 #endif
    buffer_add(out, nonce, crypto_secretbox_NONCEBYTES);
    buffer_add(out, cipher, es);
 #ifdef HAVE_JSON
  }
 #endif 
  buffer_free(raw);
  ucfree(nonce, crypto_secretbox_NONCEBYTES);
  sfree(symkey);
--- a/libpcp/util.c
+++ b/libpcp/util.c
@@ -74,3 +74,12 @@ void _dump(char *n, byte *d, size_t s) {
  }
  fprintf(stderr, "\n");
 }
 char *_bin2hex(byte *bin, size_t len) {
  char *out = malloc((len*2) + 1);
  size_t i;
  for(i=0; i<len; ++i)
    sprintf(&out[i*2], "%02x", bin[i]);
  out[len*2] = '\0';
  return out;
 }
--- a/man/options.pod
+++ b/man/options.pod
@@ -62,12 +62,9 @@
 -K --import               Import a key. pcp determines automatically
    --import-key           the key type and encodingg. Use -I to import
                           from a file.
 -y --export-yaml          Export all keys stored in your vault
                           as YAML formatted text. Use -O to put
                           the export into a file.
 -F --format               Export the key in a particular format.
-                           Currently supported: pcp, pbp, yaml,
+                           Currently supported: pcp and pbp.
-                           perl and C.
+ -j --json                 enable JSON ex- and import of keys.
 Encryption Options:
 -e --encrypt              Asym-Encrypt a message. Read from stdin or
--- a/src/keymgmt.c
+++ b/src/keymgmt.c
@@ -357,7 +357,7 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int
  /* now, we're ready for the actual export */
  if(format == EXP_FORMAT_NATIVE) {
    if(is_foreign == 0) {
-      exported_pk = pcp_export_rfc_pub(sk);
+      exported_pk = pcp_export_rfc_pub(ptx, sk);
      if(exported_pk != NULL) {
 	if(armor == 1) {
 	  size_t zlen;
@@ -395,24 +395,6 @@ void pcp_exportpublic(char *keyid, char *passwd, char *outfile, int format, int
      goto errpcpexpu1;
    }
  }
  else if(format == EXP_FORMAT_YAML) {
    exported_pk = pcp_export_yaml_pub(sk);
    if(exported_pk != NULL) {
      fprintf(out, "%s", buffer_get_str(exported_pk));
    }
  }
  else if(format == EXP_FORMAT_PERL) {
    exported_pk = pcp_export_perl_pub(sk);
    if(exported_pk != NULL) {
      fprintf(out, "%s", buffer_get_str(exported_pk));
    }
  }
  else if(format == EXP_FORMAT_C) {
    exported_pk = pcp_export_c_pub(sk);
    if(exported_pk != NULL) {
      fprintf(out, "%s", buffer_get_str(exported_pk));
    }
  }
 errpcpexpu1:
  ;
--- a/src/keyprint.c
+++ b/src/keyprint.c
@@ -298,74 +298,6 @@ void pcppubkey_printshortinfo(pcp_pubkey_t *key) {
  free(r);
 }
 void pcpexport_yaml(char *outfile) {
  FILE *out;
  if(outfile == NULL) {
    out = stdout;
  }
  else {
    if((out = fopen(outfile, "wb+")) == NULL) {
      fatal(ptx, "Could not create output file %s\n", outfile);
      out = NULL;
    }
  }
  if(out != NULL) {
    pcp_key_t *s;
    pcp_pubkey_t *p;
    struct tm *c;
    time_t t = time(0);
    c = localtime(&t);
    fprintf(out, "#\n# YAML export of vault %s.\n", vault->filename);
    fprintf(out, "# Generated on: %04d-%02d-%02dT%02d:%02d:%02d\n",
 	    c->tm_year+1900, c->tm_mon+1, c->tm_mday,
 	    c->tm_hour, c->tm_min, c->tm_sec);
    fprintf(out, "---\n");
    fprintf(out, "secret-keys:\n");
    pcphash_iterate(ptx, s) {
      fprintf(out, " -\n");
      fprintf(out, "  id:         %s\n", s->id);
      fprintf(out, "  owner:      %s\n", s->owner);
      fprintf(out, "  mail:       %s\n", s->mail);
      fprintf(out, "  ctime:      %ld\n", (long int)s->ctime);
      fprintf(out, "  version:    %08x\n", s->version);
      fprintf(out, "  serial:     %08x\n", s->serial);
      fprintf(out, "  type:       %s\n",
 	      (s->type ==  PCP_KEY_TYPE_MAINSECRET) ? "primary" : " secret");
      fprintf(out, "  public:     "); pcpprint_bin(out, s->pub, 32); fprintf(out, "\n");
      if(s->secret[0] == 0) {
 	fprintf(out, "  encrypted:  yes\n");
 	fprintf(out, "  nonce:      "); pcpprint_bin(out, s->nonce, 24); fprintf(out, "\n");
 	fprintf(out, "  secret:     "); pcpprint_bin(out, s->encrypted, 80); fprintf(out, "\n");
      }
      else {
 	fprintf(out, "  encrypted:  no\n");
 	fprintf(out, "  secret:     "); pcpprint_bin(out, s->secret, 32); fprintf(out, "\n");
 	fprintf(out, "  edsecret:   "); pcpprint_bin(out, s->edsecret, 64); fprintf(out, "\n");
      }
      fprintf(out, "  edpub:      "); pcpprint_bin(out, s->edpub, 32); fprintf(out, "\n");
    }
    fprintf(out, "public-keys:\n");
    pcphash_iteratepub(ptx, p) {
      fprintf(out, " -\n");
      fprintf(out, "  id:      %s\n", p->id);
      fprintf(out, "  owner:   %s\n", p->owner);
      fprintf(out, "  mail:    %s\n", p->mail);
      fprintf(out, "  ctime:   %ld\n", (long int)p->ctime);
      fprintf(out, "  version: %08x\n", p->version);
      fprintf(out, "  serial:  %08x\n", p->serial);
      fprintf(out, "  type:    public\n");
      fprintf(out, "  public:  "); pcpprint_bin(out, p->pub, 32); fprintf(out, "\n");
      fprintf(out, "  edpub:   "); pcpprint_bin(out, p->edpub, 32); fprintf(out, "\n");
    }
  }
 }
 void pcpprint_bin(FILE *out, byte *data, size_t len) {
  size_t i;
  for ( i = 0;i < len;++i)
--- a/src/keyprint.h
+++ b/src/keyprint.h
@@ -44,7 +44,6 @@ void pcptext_key(char *keyid);
 void pcptext_vault(vault_t *vault);
 int pcptext_infile(char *infile);
 void pcpexport_yaml(char *outfile);
 void pcpprint_bin(FILE *out, byte *data, size_t len);
 #endif /*  _HAVE_PCP_KEYPRINT_H */
--- a/src/pcp.c
+++ b/src/pcp.c
@@ -106,7 +106,6 @@ int main (int argc, char **argv)  {
    { "import-key",      no_argument,       NULL,           'K' }, /* alias -K */
    { "remove-key",      no_argument,       NULL,           'R' },
    { "edit-key",        no_argument,       NULL,           'E' },    
    { "export-yaml",     no_argument,       NULL,           'y' },
    { "export-format",   required_argument, NULL,           'F' },
    /*  crypto */
@@ -121,6 +120,7 @@ int main (int argc, char **argv)  {
    { "armor",           no_argument,       NULL,           'a' }, /* alias -z */
    { "textmode",        no_argument,       NULL,           'a' }, /* alias -z */
    { "z85-decode",      no_argument,       NULL,           'Z' },
    { "json-io",         no_argument,       NULL,           'j' },
    /*  globals */
    { "help",            no_argument,       NULL,           'h' },
@@ -135,7 +135,7 @@ int main (int argc, char **argv)  {
    { NULL,              0,                 NULL,            0 }
  };
-  while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcymf:b1F:0KAMX:",
+  while ((opt = getopt_long(argc, argv, "klLV:vdehsO:i:I:pSPRtEx:DzaZr:gcmf:b1F:0KAMX:j",
 			    longopts, NULL)) != -1) {
    switch (opt)  {
@@ -210,26 +210,18 @@ int main (int argc, char **argv)  {
 	else if(strncmp(optarg, "pcp", 3) == 0) {
 	  exportformat = EXP_FORMAT_NATIVE;
 	}
 	else if(strncmp(optarg, "yaml", 3) == 0) {
 	  exportformat = EXP_FORMAT_YAML;
 	}
 	else if(strncmp(optarg, "c", 3) == 0) {
 	  exportformat = EXP_FORMAT_C;
 	}
 	else if(strncmp(optarg, "py", 3) == 0) {
 	  exportformat = EXP_FORMAT_PY;
 	}
 	else if(strncmp(optarg, "perl", 3) == 0) {
 	  exportformat = EXP_FORMAT_PERL;
 	}
 	else if(strncmp(optarg, "c", 3) == 0) {
 	  exportformat = EXP_FORMAT_C;
 	}
 	else {
 	  warn("Unknown export format specified, using native\n");
 	  exportformat = EXP_FORMAT_NATIVE;
 	}
 	break;
      case 'j':
 #ifdef HAVE_JSON
 	ptx->json = 1;
 #else
 	fprintf(stderr, "WARN: -j set, but no JSON support compiled in. Recompile with --with-json\n");
 #endif
 	break;
      case 'g':
 	mode += PCP_MODE_SIGN;
 	usevault = 1;
@@ -243,10 +235,6 @@ int main (int argc, char **argv)  {
 	strncpy(sigfile, optarg, strlen(optarg)+1);
 	detach = 1;
 	break;
      case 'y':
 	mode += PCP_MODE_YAML;
 	usevault = 1;
 	break;
      case 'V':
 	strncpy(vaultfile, optarg, 1024);
@@ -566,10 +554,6 @@ int main (int argc, char **argv)  {
 	}
 	break;
      case PCP_MODE_YAML:
 	pcpexport_yaml(outfile);
 	break;
      default:
 	/*   */
 	goto ELSEMODE;
--- a/src/usage.h
+++ b/src/usage.h
@@ -28,9 +28,10 @@
 "-s --export-secret        Export a secret key.\n" \
 "-p --export-public        Export a public key.\n" \
 "-K --import               Import a secret or public key.\n" \
 "-y --export-yaml          Export all keys as YAML formatted text.\n" \
 "-F --export-format <fmt>  Specify exportformat, either 'pbp' or 'pcp'.\n" \
 "                          'pcp' is the default if unspecified.\n" \
 "-j --json                 Enable JSON ex- and import of keys.\n" \
 "\n" \
 "Encryption Options:\n" \
 "-e --encrypt              Asym-Encrypt a message. If none of -i or -r\n" \
 "                          has been given, encrypt the message symetrically.\n" \
@@ -50,6 +51,5 @@
 "Arguments:\n" \
 "Extra arguments after options are treated as filenames or\n" \
 "recipients, depending on operation mode.\n" \
-"\n" \
+""
 "\n"
 #endif
--- a/src/usage.sh
+++ b/src/usage.sh
@@ -6,5 +6,5 @@ echo -n "#define PCP_HELP " >> usage.h
 cat usage.txt | sed -e 's/^/"/' -e 's/$/\\n" \\/' >> usage.h
-echo "\"\\n\"" >> usage.h
+printf "\"\"\\n" >> usage.h
 echo "#endif" >> usage.h
--- a/src/usage.txt
+++ b/src/usage.txt
@@ -26,9 +26,10 @@ Keymanagement Options:
 -s --export-secret        Export a secret key.
 -p --export-public        Export a public key.
 -K --import               Import a secret or public key.
 -y --export-yaml          Export all keys as YAML formatted text.
 -F --export-format <fmt>  Specify exportformat, either 'pbp' or 'pcp'.
                          'pcp' is the default if unspecified.
 -j --json                 Enable JSON ex- and import of keys.
 Encryption Options:
 -e --encrypt              Asym-Encrypt a message. If none of -i or -r
                          has been given, encrypt the message symetrically.
@@ -48,4 +49,3 @@ Encoding Options:
 Arguments:
 Extra arguments after options are treated as filenames or
 recipients, depending on operation mode.
--- a/tests/unittests.cfg
+++ b/tests/unittests.cfg
@@ -267,11 +267,6 @@ temporarily disabled
    expect = /added to/
  </test>
  <test check-vcl-crypto-unencrypted-secret-yaml>
    cmd = $pcp -V vcl -y
    expect = /encrypted:  no/
  </test>
  <test check-vcl-prepare-import-bpub>
    cmd = $pcp -V vcl -I key-bobby-pub -K
    expect = /added/
@@ -359,13 +354,6 @@ temporarily disabled
  expect = /Verified/s
 </test>
 #
 # yaml export test
 <test check-export-yaml>
  cmd = $pcp -V va -y | perl -Ilib -MYAML -MData::Dumper -e "print Dumper(Load(join('',<>)))"
  expect = /VAR1/
 </test>
 #
 # raw C test with prepared keys, message and cipher
 <test check-raw-decrypt>