removed support to store unencrypted secret key

src/encryption.c

@@ -95,29 +95,27 @@ int pcpdecrypt(char *id, int useid, char *infile, char *outfile, char *passwd, i
 	  goto errde3;
 	}
       }
-      if(secret->secret[0] == 0) {
-	/*  encrypted, decrypt it */
-	char *passphrase;
-	if(passwd == NULL) {
-	  pcp_readpass(ptx, &passphrase,
-		       "Enter passphrase to decrypt your secret key", NULL, 1, NULL);
-	}
-	else {
-	  passphrase = smalloc(strlen(passwd)+1);
-	  memcpy(passphrase, passwd, strlen(passwd)+1);
-	}
 
-	secret = pcpkey_decrypt(ptx, secret, passphrase);
-	sfree(passphrase);
-	if(secret == NULL)
-	  goto errde3;
-
-	if(head == PCP_ASYM_CIPHER_ANON)
-	  anon = 1;
-
-	if(head == PCP_ASYM_CIPHER_SIG)
-	  verify = 1;
+      char *passphrase;
+      if(passwd == NULL) {
+	pcp_readpass(ptx, &passphrase,
+		     "Enter passphrase to decrypt your secret key", NULL, 1, NULL);
       }
+      else {
+	passphrase = smalloc(strlen(passwd)+1);
+	memcpy(passphrase, passwd, strlen(passwd)+1);
+      }
+
+      secret = pcpkey_decrypt(ptx, secret, passphrase);
+      sfree(passphrase);
+      if(secret == NULL)
+	goto errde3;
+      
+      if(head == PCP_ASYM_CIPHER_ANON)
+	anon = 1;
+
+      if(head == PCP_ASYM_CIPHER_SIG)
+	verify = 1;
     }
     else {
       fatal(ptx, "Could not determine input file type (got: %02x)\n", head);
@@ -264,22 +262,20 @@ int pcpencrypt(char *id, char *infile, char *outfile, char *passwd, plist_t *rec
 	goto erren2;
       }
 
-      if(secret->secret[0] == 0) {
-        /*  encrypted, decrypt it */
-        char *passphrase;
-	if(passwd == NULL) {
-          pcp_readpass(ptx, &passphrase,
-		       "Enter passphrase to decrypt your secret key", NULL, 1, NULL);
-        }
-	else {
-          passphrase = smalloc(strlen(passwd)+1);
-	  memcpy(passphrase, passwd, strlen(passwd)+1);
-        }
-	secret = pcpkey_decrypt(ptx, secret, passphrase);
-	sfree(passphrase);
-	if(secret == NULL)
-	  goto erren2;
+      char *passphrase;
+      if(passwd == NULL) {
+	pcp_readpass(ptx, &passphrase,
+		     "Enter passphrase to decrypt your secret key", NULL, 1, NULL);
       }
+      else {
+	passphrase = smalloc(strlen(passwd)+1);
+	memcpy(passphrase, passwd, strlen(passwd)+1);
+      }
+      secret = pcpkey_decrypt(ptx, secret, passphrase);
+      sfree(passphrase);
+      if(secret == NULL)
+	goto erren2;
+      
     }
   }
 

src/keymgmt.c

@@ -1,7 +1,7 @@
 /*
     This file is part of Pretty Curved Privacy (pcp1).
 
-    Copyright (C) 2013-2015 T.Linden.
+    Copyright (C) 2013-2015 T.v.Dein.
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -97,14 +97,10 @@ void pcp_keygen(char *passwd) {
     key = pcpkey_encrypt(ptx, k, passphrase);
   }
   else {
-    char *yes = pcp_getstdin("WARNING: secret key will be stored unencrypted. Are you sure [yes|NO]?");
-    if(strncmp(yes, "yes", 1024) == 0)
-      key = k;
-    else {
-      memset(key, 0, sizeof(pcp_key_t));
-      free(key);
-      goto errkg1;
-    }
+    /* No unencrypted secret key allowed anymore [19.08.2015, tom] */
+    memset(k, 0, sizeof(pcp_key_t));
+    free(k);
+    goto errkg1;
   }
 
   if(key != NULL) {
@@ -239,24 +235,21 @@ void pcp_exportsecret(char *keyid, int useid, char *outfile, int armor, char *pa
     if(debug)
       pcp_dumpkey(key);
 
-    if(key->secret[0] == 0) {
-      /* decrypt the secret key */
-      if(passwd == NULL) {
-	char *passphrase;
-	pcp_readpass(ptx, &passphrase,
-		     "Enter passphrase to decrypt your secret key", NULL, 1, NULL);
-	key = pcpkey_decrypt(ptx, key, passphrase);
-	if(key == NULL) {
-	  sfree(passphrase);
-	  goto errexpse1;
-	}
+    if(passwd == NULL) {
+      char *passphrase;
+      pcp_readpass(ptx, &passphrase,
+		   "Enter passphrase to decrypt your secret key", NULL, 1, NULL);
+      key = pcpkey_decrypt(ptx, key, passphrase);
+      if(key == NULL) {
 	sfree(passphrase);
+	goto errexpse1;
       }
-      else {
-	key = pcpkey_decrypt(ptx, key, passwd);
-	if(key == NULL) {
-	  goto errexpse1;
-	}
+      sfree(passphrase);
+    }
+    else {
+      key = pcpkey_decrypt(ptx, key, passwd);
+      if(key == NULL) {
+	goto errexpse1;
       }
     }
 

src/pcp.c

@@ -270,8 +270,6 @@ int main (int argc, char **argv)  {
       case 'x':
 	xpass = smalloc(strlen(optarg)+1);
 	strncpy(xpass, optarg, strlen(optarg)+1);
-	if(strncmp(xpass, "n/a", 3) == 0)
-	  xpass[0] = '\0';
 	break;
       case LONG_EXTPASS:
 	askpass = malloc(strlen(optarg)+1);

src/signature.c

@@ -54,23 +54,20 @@ int pcpsign(char *infile, char *outfile, char *passwd, int z85, int detach) {
     }
   }
 
-  if(secret->secret[0] == 0) {
-    /*  encrypted, decrypt it */
-    char *passphrase;
-    if(passwd == NULL) {
-      pcp_readpass(ptx, &passphrase,
-		   "Enter passphrase to decrypt your secret key", NULL, 1, NULL);
-    }
-    else {
-      passphrase = smalloc(strlen(passwd)+1);
-      memcpy(passphrase, passwd, strlen(passwd)+1);
-    }
-
-    secret = pcpkey_decrypt(ptx, secret, passphrase);
-    sfree(passphrase);
-    if(secret == NULL)
-      goto errs1;
+  char *passphrase;
+  if(passwd == NULL) {
+    pcp_readpass(ptx, &passphrase,
+		 "Enter passphrase to decrypt your secret key", NULL, 1, NULL);
   }
+  else {
+    passphrase = smalloc(strlen(passwd)+1);
+    memcpy(passphrase, passwd, strlen(passwd)+1);
+  }
+
+  secret = pcpkey_decrypt(ptx, secret, passphrase);
+  sfree(passphrase);
+  if(secret == NULL)
+    goto errs1;
 
   Pcpstream *pin = ps_new_file(in);
   Pcpstream *pout = ps_new_file(out);