changed key format, now includes the ed25519 pubkey for signing.

src/keyprint.c

@@ -26,14 +26,16 @@
 void pcptext_key(char *keyid) {
   pcp_key_t *s = pcpkey_exists(keyid);
   if(s != NULL) {
+    if(debug)
+      pcp_dumpkey(s);
     pcpkey_print(s, stdout);
-    free(s);
   }
   else {
     pcp_pubkey_t *p = pcppubkey_exists(keyid);
     if(p != NULL) {
+      if(debug)
+	pcp_dumppubkey(p);
       pcppubkey_print(p, stdout);
-      free(p);
     }
     else {
       fatal("No key with id 0x%s found!\n", keyid);
@@ -191,6 +193,10 @@ void pcp_dumpkey(pcp_key_t *k) {
   for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->secret[i]);
   printf("\n");
 
+  printf("    edpub: ");
+  for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->edpub[i]);
+  printf("\n");
+
   printf("    nonce: ");
   for ( i = 0;i < 24;++i) printf("%02x",(unsigned int) k->nonce[i]);
   printf("\n");
@@ -222,6 +228,10 @@ void pcp_dumppubkey(pcp_pubkey_t *k) {
   for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->public[i]);
   printf("\n");
 
+  printf("    edpub: ");
+  for ( i = 0;i < 32;++i) printf("%02x",(unsigned int) k->edpub[i]);
+  printf("\n");
+
   printf("    owner: %s\n", k->owner);
 
   printf("     mail: %s\n", k->mail);

src/keyprint.h

@@ -26,6 +26,7 @@
 #include "mem.h"
 #include "key.h"
 #include "vault.h"
+#include "pcp.h"
 
 void pcp_dumpkey(pcp_key_t *k);
 void pcp_dumppubkey(pcp_pubkey_t *k);

src/pcp.c

@@ -370,7 +370,7 @@ int main (int argc, char **argv)  {
 	break;	
 
       case PCP_MODE_SIGN:
-	pcpsign(infile, outfile, xpass);
+	pcpsign(infile, outfile, recipient, xpass);
 	break;
 
       case PCP_MODE_VERIFY:

src/signature.c

@@ -23,7 +23,7 @@
 #include "signature.h"
 #include "defines.h"
 
-int pcpsign(char *infile, char *outfile, char *passwd) {
+int pcpsign(char *infile, char *outfile, char *recipient, char *passwd) {
   FILE *in = NULL;
   FILE *out = NULL;
   pcp_key_t *secret = NULL;
@@ -33,6 +33,10 @@ int pcpsign(char *infile, char *outfile, char *passwd) {
     fatal("Could not find a secret key in vault %s!\n", vault->filename);
     goto errs1;
   }
+  
+  if(recipient != NULL) {
+    secret = pcp_derive_pcpkey(secret, recipient);
+  }
 
   if(infile == NULL)
     in = stdin;
@@ -205,7 +209,6 @@ int pcpverify(char *infile, char *sigfile) {
 
   free(decoded);
   free(encoded);
-  free(sig);
   free(input);
   return 0;
 
@@ -214,7 +217,6 @@ int pcpverify(char *infile, char *sigfile) {
 
  errv3:
   free(decoded);
-  free(sig);
 
  errv2:
   //  free(encoded); why???

src/signature.h

@@ -32,7 +32,7 @@
 #include "uthash.h"
 #include "z85.h"
 
-int pcpsign(char *infile, char *outfile, char *passwd);
+int pcpsign(char *infile, char *outfile, char *recipient, char *passwd);
 int pcpverify(char *infile, char *sigfile);
 
 

src/usage.h

@@ -66,6 +66,17 @@
 "                          one will be used. Otherwise you'll have\n" \
 "                          to specify the keyid (-i) of the key.\n" \
 "\n" \
+"Signature Options:\n" \
+"-g --sign                 Create a signature of file specified with\n" \
+"                          -I (or from stdin) using your primary\n" \
+"                          secret key. If -r has been given, a derived\n" \
+"                          secret key will be used for signing.\n" \
+"\n" \
+"-c --check-signature <file> Verify a signature in file <file> against\n" \
+"                          the file specified with -I (or stdin).\n" \
+"                          The public key required for this must\n" \
+"                          exist in your vault file.\n" \
+"\n" \
 "Encoding Options:\n" \
 "-z --z85-encode           Encode something to Z85 encoding. Use\n" \
 "                          -I and -O respectively, otherwise it\n" \

src/usage.txt

@@ -64,6 +64,17 @@ Encryption Options:
                           one will be used. Otherwise you'll have
                           to specify the keyid (-i) of the key.
 
+Signature Options:
+-g --sign                 Create a signature of file specified with
+                          -I (or from stdin) using your primary
+                          secret key. If -r has been given, a derived
+                          secret key will be used for signing.
+
+-c --check-signature <file> Verify a signature in file <file> against
+                          the file specified with -I (or stdin).
+                          The public key required for this must
+                          exist in your vault file.
+
 Encoding Options:
 -z --z85-encode           Encode something to Z85 encoding. Use
                           -I and -O respectively, otherwise it