(re-)added detached signature support, now with 32k-blockwise reading of files, enabled with -a.

src/encryption.c

@@ -259,7 +259,7 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
   size_t clen = 0;
 
   if(self == 1)
-    pcp_encrypt_file_sym(in, out, symkey, 0);
+    clen = pcp_encrypt_file_sym(in, out, symkey, 0);
   else
     clen = pcp_encrypt_file(in, out, secret, pubhash);
 

src/pcp.c

@@ -44,10 +44,11 @@ char *default_vault() {
 }
 
 int main (int argc, char **argv)  {
-  int opt, mode, usevault, useid, userec, lo, armor;
+  int opt, mode, usevault, useid, userec, lo, armor, detach;
   char *vaultfile = default_vault();
   char *outfile = NULL;
   char *infile = NULL;
+  char *sigfile = NULL;
   char *keyid = NULL;
   char *id = NULL;
   char *xpass = NULL;
@@ -63,6 +64,7 @@ int main (int argc, char **argv)  {
   userec = 0;
   lo = 0;
   armor = 0;
+  detach = 0;
 
   static struct option longopts[] = {
     // generics
@@ -101,11 +103,12 @@ int main (int argc, char **argv)  {
 
     // signing
     { "sign",            no_argument,       NULL,           'g' }, 
-    { "check-signature", no_argument,       NULL,           'c' }, 
+    { "check-signature", required_argument, NULL,           'c' }, 
+    { "detach",          no_argument,       NULL,           'a' }, 
     { NULL,              0,                 NULL,            0 }
   };
 
-  while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gcym",
+  while ((opt = getopt_long(argc, argv, "klV:vdehsO:i:I:pSPRtEx:DzZr:gc:yma",
 			    longopts, NULL)) != -1) {
   
     switch (opt)  {
@@ -171,12 +174,17 @@ int main (int argc, char **argv)  {
       case 'Z':
 	armor = 1;
 	break;
+      case 'a':
+	detach = 1;
+	break;
       case 'g':
 	mode += PCP_MODE_SIGN;
 	usevault = 1;
 	break;
       case 'c':
 	mode += PCP_MODE_VERIFY;
+	sigfile = ucmalloc(strlen(optarg)+1);
+	strncpy(sigfile, optarg, strlen(optarg)+1);
 	usevault = 1;
 	break;
       case 'y':
@@ -372,19 +380,19 @@ int main (int argc, char **argv)  {
 	break;	
 
       case PCP_MODE_SIGN:
-	pcpsign(infile, outfile, xpass, armor);
+	pcpsign(infile, outfile, xpass, armor, detach);
 	break;
 
       case PCP_MODE_VERIFY:
 	if(useid) {
 	  id = pcp_normalize_id(keyid);
 	  if(id != NULL) {
-	    pcpverify(infile, id);
+	    pcpverify(infile, sigfile, id, detach);
 	    free(id);
 	  }
 	}
 	else {
-	  pcpverify(infile, NULL);
+	  pcpverify(infile, sigfile, NULL, detach);
 	}
 	break;
 

src/signature.c

@@ -23,7 +23,8 @@
 #include "signature.h"
 #include "defines.h"
 
-int pcpsign(char *infile, char *outfile, char *passwd, int z85) {
+
+int pcpsign(char *infile, char *outfile, char *passwd, int z85, int detach) {
   FILE *in = NULL;
   FILE *out = NULL;
   pcp_key_t *secret = NULL;
@@ -70,7 +71,11 @@ int pcpsign(char *infile, char *outfile, char *passwd, int z85) {
       goto errs1;
   }
 
-  size_t sigsize = pcp_ed_sign_buffered(in, out, secret, z85);
+  size_t sigsize;
+  if(detach == 1)
+    sigsize = pcp_ed_detachsign_buffered(in, out, secret);
+  else
+    sigsize = pcp_ed_sign_buffered(in, out, secret, z85);
 
   if(sigsize == 0)
     goto errs1;
@@ -83,10 +88,10 @@ int pcpsign(char *infile, char *outfile, char *passwd, int z85) {
   return 1;
 }
 
-int pcpverify(char *infile, char *id) {
+int pcpverify(char *infile, char *sigfile, char *id, int detach) {
   FILE *in = NULL;
+  FILE *sigfd = NULL;
   pcp_pubkey_t *pub = NULL;
-  unsigned char *message = NULL;
 
   if(infile == NULL)
     in = stdin;
@@ -97,27 +102,24 @@ int pcpverify(char *infile, char *id) {
     }
   }
 
+  if(sigfile != NULL) {
+    if((sigfd = fopen(sigfile, "rb")) == NULL) {
+      fatal("Could not open signature file %s\n", sigfile);
+      goto errv1;
+    }
+  }
+  
   if(id != NULL)
     HASH_FIND_STR(pcppubkey_hash, id, pub);
  
-  if(pub != NULL) {
-    message = pcp_ed_verify_buffered(in, pub);
-    if(message != NULL) {
-      fprintf(stderr, "Signature verified (signed by %s <%s>).\n", pub->owner, pub->mail);
-    }
-  }
-  else {
-    // put public key as pub, so verify iterates over our keys
-    message = pcp_ed_verify_buffered(in, pub);
-    if(message != NULL) {
-      fprintf(stderr, "Signature verified (signed by %s <%s>).\n", pub->owner, pub->mail);
-    }
-  }
+  if(detach)
+    pub = pcp_ed_detachverify_buffered(in, sigfd, pub);
+  else
+    pub = pcp_ed_verify_buffered(sigfd, pub);
 
-  if(message != NULL) {
-    free(message);
-    return 0;
-  }
+  if(pub != NULL)
+    fprintf(stderr, "Signature verified (signed by %s <%s>).\n", pub->owner, pub->mail);
+  
 
  errv4:
 

src/signature.h

@@ -32,8 +32,8 @@
 #include "uthash.h"
 #include "z85.h"
 
-int pcpsign(char *infile, char *outfile, char *passwd, int z85);
-int pcpverify(char *infile, char *id);
+int pcpsign(char *infile, char *outfile, char *passwd, int z85, int detach);
+int pcpverify(char *infile, char *sigfile, char *id, int detach);
 
 
 

src/usage.txt

@@ -92,11 +92,15 @@ Signature Options:
                           -I (or from stdin) using your primary
                           secret key. If -r has been given, a derived
                           secret key will be used for signing.
-
 -c --check-signature <file> Verify a signature in file <file> against
                           the file specified with -I (or stdin).
                           The public key required for this must
                           exist in your vault file.
+-a --detach               Write a detached signature file, which doesn't
+                          contain the original content. Output will be
+                          z85 encoded always. To verify, you need to
+                          specify the original file to be verified
+                          against using -I as well (plus -a).
 
 Encoding Options:
 -z --z85-encode           Encode something to Z85 encoding. Use