bump

2025-12-17 12:00:56 +01:00 · 2016-10-20 23:12:00 +02:00
parent 94ea152460
commit f664cc24c4
9 changed files with 1100 additions and 1153 deletions
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-NEXT
+0.4.0
 	Changed -C again: doesnt support a key argument
 	anymore, instead I use the facilities I already
 	have in place (-x and -X). Also, I don't generate
@@ -28,6 +28,8 @@ NEXT
 	Added -v support for -d and -e.
 	Removed endian conversion stuff. see util.c for details.
 0.3.0
 	Changed publuc key signature storage, previously
--- a/28
+++ b/28
@@ -1,27 +1,27 @@
 DESCRIPTION
    Pretty Curved Privacy (pcp1) is a commandline utility which can be used
-    to encrypt files. pcp1 uses elliptic curve cryptography for encryption
+    to encrypt files. pcp1 uses eliptc curve cryptography for encryption
-    (CURVE25519 by Dan J. Bernstein). While CURVE25519 is not a worldwide
+    (CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
    accepted standard it hasn't been compromised by the NSA - which might be
    better, depending on your point of view.
-    Caution: since CURVE25519 is not an accepted standard, pcp1 has to be
+    Caution: since CURVE25519 is no accepted standard, pcp1 has to be
-    considered experimental software. In fact, I wrote it just to learn
+    considered as experimental software. In fact, I wrote it just to learn
    about the curve and see how it works.
    Beside some differences it works like GNUPG. So, if you already know how
-    to use gpg, you'll feel almost at home.
+    to use gpg, you'll feel almost home.
 QUICKSTART
    Lets say, Alicia and Bobby want to exchange encrypted messages. Here's
-    what they need to do.
+    what the've got to do.
-    First, both have to create a secret key:
+    First, both have create a secret key:
     Alicia                             Bobby
     pcp1 -k                            pcp1 -k
-    After entering their name, email address, and a passphrase to protect the
+    After entering their name, email address and a passphrase to protect the
    key, it will be stored in their vault file (by default ~/.pcpvault).
    Now, both of them have to export the public key, which has to be
@@ -32,18 +32,18 @@ QUICKSTART
     Alicia                             Bobby
     pcp1 -p -r Bobby -O alicia.pub     pcp1 -p -r Alicia -O bobby.pub
-    They've got to exchange the public key somehow (which is not my problem at
+    They've to exchange the public key somehow (which is not my problem at
-    the moment, use ssh, encrypted mail, etc). Once exchanged, they
+    the moment, use ssh, encrypted mail, whatever). Once exchanged, they
    have to import it:
     Alicia                             Bobby
     pcp1 -K -I bobby.pub               pcp1 -K -I alicia.pub
-    They will see a response when this is done:
+    They will see a response as this when done:
     key 0x29A323A2C295D391 added to .pcpvault.
-    Now, Alicia finally writes the secret message, encrypts it, and sends it
+    Now, Alicia finally writes the secret message, encrypts it and sends it
    to Bobby, who in turn decrypts it:
     Alicia                             Bobby
@@ -84,7 +84,7 @@ FILES AND PIPES
     ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
-    Here we encrypt a file symmetrically without downloading it from a
+    here we encrypt a file symmetrically without downloading it from a
    remote ssh server and sending the encrypted result via email to someone.
    The behavior is the same with any other functionality where files are
@@ -151,7 +151,7 @@ ADDITIONAL COPYRIGHTS
    Random art image from OpenSSH keygen
         Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
-         Committed by Alexander von Gernler in rev 1.7.
+         Comitted by Alexander von Gernler in rev 1.7.
    Every incorporated source code is opensource and licensed under the GPL
    as well.
--- a/README.pod
+++ b/README.pod
@@ -13,29 +13,29 @@
 =head1 DESCRIPTION
 B<Pretty Curved Privacy> (pcp1) is a commandline utility which can
-be used to encrypt files. B<pcp1> uses elliptic curve cryptography
+be used to encrypt files. B<pcp1> uses eliptc curve cryptography
 for encryption (CURVE25519 by Dan J. Bernstein). While CURVE25519
-is not a worldwide accepted standard it hasn't been compromised by
+is no worldwide accepted standard it hasn't been compromised by
 the NSA - which might be better, depending on your point of view.
-B<Caution>: since CURVE25519 is not an accepted standard, B<pcp1> has
+B<Caution>: since CURVE25519 is no accepted standard, B<pcp1> has
-to be considered experimental software. In fact, I wrote it just
+to be considered as experimental software. In fact, I wrote it just
 to learn about the curve and see how it works.
 Beside some differences it works like B<GNUPG>. So, if you already
-know how to use gpg, you'll feel almost at home.
+know how to use gpg, you'll feel almost home.
 =head1 QUICKSTART
 Lets say, Alicia and Bobby want to exchange encrypted messages.
-Here's what they need to do.
+Here's what the've got to do.
-First, both have to create a secret key:
+First, both have create a secret key:
 Alicia                             Bobby
 pcp1 -k                            pcp1 -k
-After entering their name, email address, and a passphrase to protect
+After entering their name, email address and a passphrase to protect
 the key, it will be stored in their B<vault file> (by default ~/.pcpvault).
 Now, both of them have to export the public key, which has to be
@@ -46,18 +46,18 @@ a derived public key especially for the recipient:
 Alicia                             Bobby
 pcp1 -p -r Bobby -O alicia.pub     pcp1 -p -r Alicia -O bobby.pub
-They've got to exchange the public key somehow (which is not my
+They've to exchange the public key somehow (which is not my
-problem at the moment, use ssh, encrypted mail, etc). Once exchanged,
+problem at the moment, use ssh, encrypted mail, whatever). Once exchanged,
 they have to import it:
 Alicia                             Bobby
 pcp1 -K -I bobby.pub               pcp1 -K -I alicia.pub
-They will see a response when this is done:
+They will see a response as this when done:
 key 0x29A323A2C295D391 added to .pcpvault.
-Now, Alicia finally writes the secret message, encrypts it, and
+Now, Alicia finally writes the secret message, encrypts it and
 sends it to Bobby, who in turn decrypts it:
 Alicia                             Bobby
@@ -100,7 +100,7 @@ realistic example:
 ssh remote cat file | pcp1 -ez | mailx -s 'as requested' bob@somewhere
-Here we encrypt a file symmetrically without downloading it from a
+here we encrypt a file symmetrically without downloading it from a
 remote ssh server and sending the encrypted result via email to
 someone.
--- a/2
+++ b/2
@@ -1,3 +1,5 @@
 keysig to vault: use sig2blog and blog2sig, just like we do with keys
 pcpstream.c: use static tmp buffers, avoid alloc mem during each iteration
 detach keysig generation from pub key export, so that an existing
--- a/2
+++ b/2
@@ -1 +1 @@
-0.3.1
+0.4.0
--- a/bindings/py/pypcp/raw.py
+++ b/bindings/py/pypcp/raw.py
@@ -16,64 +16,64 @@ typedef struct json_t {
 size_t refcount;
 } json_t;
-/*** ./gencffi.pl: from ../../include/pcp/defines.h:183 */
+/*** ./gencffi.pl: from ../../include/pcp/defines.h:185 */
 typedef unsigned char   byte;
-/*** ./gencffi.pl: from ../../include/pcp/defines.h:183 */
+/*** ./gencffi.pl: from ../../include/pcp/defines.h:185 */
 typedef unsigned short  dbyte;
-/*** ./gencffi.pl: from ../../include/pcp/defines.h:183 */
+/*** ./gencffi.pl: from ../../include/pcp/defines.h:185 */
 typedef unsigned int    qbyte;
 /*** ./gencffi.pl: from ../../include/pcp/plist.h:83 */
 typedef struct _plist_t plist_t;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_key_t pcp_key_t;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_pubkey_t pcp_pubkey_t;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pbp_pubkey_t pbp_pubkey_t;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_rec_t pcp_rec_t;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_keysig_t pcp_keysig_t;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_ctx_t PCPCTX;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _vault_t vault_t;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _vault_header_t vault_header_t;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _vault_item_header_t vault_item_header_t;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_buffer Buffer;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_stream_t Pcpstream;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_rfc_pubkey_header_t rfc_pub_h;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_rfc_pubkey_0x21_t  rfc_pub_k;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_rfc_pubkey_sigheader_0x21_t rfc_pub_sig_h;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_rfc_pubkey_sigsub_0x21_t rfc_pub_sig_s;
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 typedef struct _pcp_ks_bundle_t pcp_ks_bundle_t;
 /*** ./gencffi.pl: from ../../include/pcp/plist.h:83 */
 struct _plist_t {
@@ -82,7 +82,7 @@ struct _plist_t {
  struct _plist_t *first;
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_key_t {
  byte masterpub[LEDPUB];    /**< ED25519 master public key signing key */
  byte mastersecret[LEDSEC]; /**< ED25519 master secret key signing key */
@@ -102,7 +102,7 @@ struct _pcp_key_t {
  byte hh[56];
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_pubkey_t {
  byte masterpub[LEDPUB];    /**< ED25519 master public key signing key */
  byte pub[LBOXPUB];         /**< Curve25519 encryption public key */
@@ -119,7 +119,7 @@ struct _pcp_pubkey_t {
  byte hh[56];
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pbp_pubkey_t {
  byte masterpub[32];
  byte edpub[32];
@@ -129,7 +129,7 @@ struct _pbp_pubkey_t {
  char name[1024];
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_rec_t {
  size_t ciphersize; /**< the size of the encrypted recipient list */
  byte *cipher;      /**< contains the whole encrypted recipient list */
@@ -137,7 +137,7 @@ struct _pcp_rec_t {
  pcp_pubkey_t *pub; /**< if verification were ok, contains the public key of the signer */
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_keysig_t {
  uint8_t type;
  uint32_t size;
@@ -147,7 +147,7 @@ struct _pcp_keysig_t {
  byte hh[56];
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_ctx_t {
  char *pcp_err;    /**< last error message. retrieve with fatals_ifany() */
  byte pcp_errset;  /**< indicates if an error occurred. */
@@ -159,7 +159,7 @@ struct _pcp_ctx_t {
  pcp_keysig_t *pcpkeysig_hash; /**< hash for key sigs */
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _vault_t {
  char *filename;    /**< The filename of the vault (full path) */
  FILE *fd;          /**< Filehandle if opened */
@@ -172,14 +172,14 @@ struct _vault_t {
  byte checksum[LSHA]; /**< SHA256 checksum over the whole vault */
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _vault_header_t {
  uint8_t fileid;    /**< File id, proprietary. Marks the vault as a vault */
  uint32_t version;  /**< File version */
  byte checksum[LSHA]; /**< SHA256 checksum over the whole vault */
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _vault_item_header_t {
  uint8_t type;       /**< Item type (secret key, public, key, keysig, \see _PCP_KEY_TYPES */
  uint32_t size;      /**< Size of the item */
@@ -187,7 +187,7 @@ struct _vault_item_header_t {
  byte checksum[LSHA];  /**< SHA256 checksum of the item */
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_buffer {
  char *name;        /**< just for convenience in error messages and the like, so we know which buffer cause trouble */
  uint8_t allocated; /**< marks the buffer as allocated */
@@ -199,13 +199,14 @@ struct _pcp_buffer {
  void *buf;         /**< the actual storage buffer */
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_stream_t {
  FILE *fd;          /**< The backend FILE stream */
  Buffer *b;         /**< The backend Buffer object */
  Buffer *cache;     /**< The caching Buffer object (for look ahead read) */
  Buffer *next;      /**< The caching Next-Buffer object (for look ahead read) */
  Buffer *save;      /**< Temporary buffer to backup overflow data */
  byte    *xb;       /**< Temporary byte buffer for reading/writing data */
  uint8_t is_buffer; /**< Set to 1 if the backend is a Buffer */
  uint8_t eof;       /**< Set to 1 if EOF reached */
  uint8_t err;       /**< Set to 1 if an error occured */
@@ -219,21 +220,21 @@ struct _pcp_stream_t {
  size_t pos;        /**< remember i/o position */
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_rfc_pubkey_header_t {
  uint8_t version;
  uint64_t ctime;
  uint8_t cipher;
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_rfc_pubkey_0x21_t {
  byte sig_ed25519_pub[32];
  byte ed25519_pub[32];
  byte curve25519_pub[32];
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_rfc_pubkey_sigheader_0x21_t {
  uint8_t version;
  uint8_t type;
@@ -242,13 +243,13 @@ struct _pcp_rfc_pubkey_sigheader_0x21_t {
  uint16_t numsubs;
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_rfc_pubkey_sigsub_0x21_t {
  uint32_t size;
  uint8_t type;
 };
-/*** ./gencffi.pl: from ../../include/pcp/structs.h:379 */
+/*** ./gencffi.pl: from ../../include/pcp/structs.h:380 */
 struct _pcp_ks_bundle_t {
  pcp_pubkey_t *p;
  pcp_keysig_t *s;
@@ -463,82 +464,88 @@ char *pcp_get_passphrase(char *prompt);
 /*** ./gencffi.pl: from ../../include/pcp/jenhash.h:25 */
 unsigned jen_hash ( unsigned char *k, unsigned length, unsigned initval );
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_key_t *pcpkey_new ();
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 void pcp_keypairs(byte *msk, byte *mpk, byte *csk, byte *cpk, byte *esk, byte *epk);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 char *pcppubkey_get_art(pcp_pubkey_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 char *pcpkey_get_art(pcp_key_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_key_t *pcpkey_decrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_pubkey_t *pcpkey_pub_from_secret(pcp_key_t *key);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 char *pcp_getkeyid(pcp_key_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 char *pcp_getpubkeyid(pcp_pubkey_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 byte *pcppubkey_getchecksum(pcp_pubkey_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 byte *pcpkey_getchecksum(pcp_key_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_key_t * key2be(pcp_key_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_key_t *key2native(pcp_key_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_pubkey_t * pubkey2be(pcp_pubkey_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_pubkey_t *pubkey2native(pcp_pubkey_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 byte * pcp_gennonce();
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 byte *pcp_derivekey(PCPCTX *ptx, char *passphrase, byte *nonce);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 void pcp_seckeyblob(Buffer *b, pcp_key_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 void pcp_pubkeyblob(Buffer *b, pcp_pubkey_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 Buffer *pcp_keyblob(void *k, int type);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_key_t *pcp_blob2key(Buffer *b);
 /*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 pcp_pubkey_t *pcp_blob2pubkey(Buffer *b);
 /*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 int pcp_sanitycheck_pub(PCPCTX *ptx, pcp_pubkey_t *key);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 int pcp_sanitycheck_key(PCPCTX *ptx, pcp_key_t *key);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 void pcp_dumpkey(pcp_key_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 void pcp_dumppubkey(pcp_pubkey_t *k);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 void pcpkey_setowner(pcp_key_t *key, char *owner, char *mail);
-/*** ./gencffi.pl: from ../../include/pcp/key.h:320 */
+/*** ./gencffi.pl: from ../../include/pcp/key.h:324 */
 double pcp_getentropy(char *source);
 /*** ./gencffi.pl: from ../../include/pcp/keyhash.h:153 */
@@ -604,61 +611,61 @@ void ucfree(void *d, size_t len);
 /*** ./gencffi.pl: from ../../include/pcp/mem.h:58 */
 void sfree(void *d);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 Buffer *pcp_export_rfc_pub (PCPCTX *ptx, pcp_key_t *sk);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 Buffer *pcp_export_pbp_pub(pcp_key_t *sk);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 Buffer *pcp_export_secret(PCPCTX *ptx, pcp_key_t *sk, char *passphrase);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 Buffer *pcp_export_json_pub(PCPCTX *ptx, pcp_key_t *sk, byte *sig, size_t siglen);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 Buffer *pcp_export_json_secret(PCPCTX *ptx, pcp_key_t *sk, byte *nonce, byte *cipher, size_t clen);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 json_t *pcp_sk2json(pcp_key_t *sk, byte *sig,size_t siglen);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 json_t *pcp_pk2json(pcp_pubkey_t *pk);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 pcp_ks_bundle_t *pcp_import_pub_json(PCPCTX *ptx, byte *raw, size_t rawsize);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 Buffer *pcp_import_secret_json(PCPCTX *ptx, Buffer *json);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 pcp_ks_bundle_t *pcp_import_pub(PCPCTX *ptx, byte *raw, size_t rawsize);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 pcp_ks_bundle_t *pcp_import_binpub(PCPCTX *ptx, byte *raw, size_t rawsize);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 pcp_ks_bundle_t *pcp_import_pub_rfc(PCPCTX *ptx, Buffer *blob);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 pcp_ks_bundle_t *pcp_import_pub_pbp(PCPCTX *ptx, Buffer *blob);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 pcp_key_t *pcp_import_binsecret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 pcp_key_t *pcp_import_secret(PCPCTX *ptx, byte *raw, size_t rawsize, char *passphrase);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 pcp_key_t *pcp_import_secret_native(PCPCTX *ptx, Buffer *cipher, char *passphrase);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 int _check_keysig_h(PCPCTX *ptx, Buffer *blob, rfc_pub_sig_h *h);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 int _check_hash_keysig(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, pcp_keysig_t *sk);
-/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:188 */
+/*** ./gencffi.pl: from ../../include/pcp/mgmt.h:193 */
 int _check_sigsubs(PCPCTX *ptx, Buffer *blob, pcp_pubkey_t *p, rfc_pub_sig_s *subheader);
 /*** ./gencffi.pl: from ../../include/pcp/pcpstream.h:291 */
@@ -745,27 +752,45 @@ int pcp_readpass_fromprog(PCPCTX *ptx, char **passwd, const char *askpass);
 /*** ./gencffi.pl: from ../../include/pcp/scrypt.h:42 */
 byte * pcp_scrypt(PCPCTX *ptx, char *passwd, size_t passwdlen, byte *nonce, size_t noncelen);
-/*** ./gencffi.pl: from ../../include/pcp/util.h:128 */
+/*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 char *_lc(char *in);
-/*** ./gencffi.pl: from ../../include/pcp/util.h:128 */
+/*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 long int _findoffset(byte *bin, size_t binlen, char *sigstart, size_t hlen);
-/*** ./gencffi.pl: from ../../include/pcp/util.h:128 */
+/*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 void _xorbuf(byte *iv, byte *buf, size_t xlen);
-/*** ./gencffi.pl: from ../../include/pcp/util.h:128 */
+/*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 void _dump(char *n, byte *d, size_t s);
-/*** ./gencffi.pl: from ../../include/pcp/util.h:128 */
+/*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 char *_bin2hex(byte *bin, size_t len);
-/*** ./gencffi.pl: from ../../include/pcp/util.h:128 */
+/*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 size_t _hex2bin(const char *hex_str, unsigned char *byte_array, size_t byte_array_max);
-/*** ./gencffi.pl: from ../../include/pcp/util.h:128 */
+/*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 int cst_time_memcmp(const void *m1, const void *m2, size_t n);
 /*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 uint64_t _wireto64(byte *data);
 /*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 uint32_t _wireto32(byte *data);
 /*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 uint16_t _wireto16(byte *data);
 /*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 void _64towire(uint64_t i, byte *data);
 /*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 void _32towire(uint32_t i, byte *data);
 /*** ./gencffi.pl: from ../../include/pcp/util.h:141 */
 void _16towire(uint16_t i, byte *data);
 /*** ./gencffi.pl: from ../../include/pcp/vault.h:230 */
 vault_t *pcpvault_init(PCPCTX *ptx, char *filename);
@@ -871,145 +896,145 @@ uint8_t *zmq_z85_decode (uint8_t *dest, char *string);
 /*** ./gencffi.pl: from ../../include/pcp/zmq_z85.h:31 */
 char *zmq_z85_encode (char *dest, uint8_t *data, size_t size);'''
-# ./gencffi.pl: from ../../include/pcp/defines.h:183
+# ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_ASYM_CIPHER = 5
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_BLOCK_SIZE = 32 * 1024
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_PK_HEADER = "----- BEGIN ED25519-CURVE29915 PUBLIC KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_SK_FOOTER = "----- END ED25519-CURVE29915 PRIVATE KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_ENFILE_HEADER = "----- BEGIN PCP ENCRYPTED FILE -----\r\n"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_FORMAT_NATIVE = 1
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PBP_COMPAT_SALT = "qa~t](84z<1t<1oz:ik.@IRNyhG=8q(on9}4#!/_h#a7wqK{Nt$T?W>,mt8NqYq&6U<GB1$,<$j>,rSYI2GRDd:Bcm"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_HASH_CIPHER = 0x22
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_HASH_NAME = "BLAKE2"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_SIG_SUB_NOTATION = 20
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_SIG_CIPHER_NAME = "ED25519"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_SIG_CIPHER = 0x23
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_ZFILE_HEADER = "----- BEGIN Z85 ENCODED FILE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_SIG_END = "----- END ED25519 SIGNATURE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_PK_CIPHER = 0x21
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_RFC_CIPHER = 0x21 
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_ASYM_CIPHER_ANON = 6
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_ENFILE_FOOTER = "\r\n----- END PCP ENCRYPTED FILE -----\r\n"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_SYM_CIPHER = 23
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_SIG_TYPE = 0x1F 
-# ./gencffi.pl: from ../../include/pcp/defines.h:183
+# ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_SIG_SUB_KEYFLAGS = 27
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_SK_HEADER = "----- BEGIN ED25519-CURVE29915 PRIVATE KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_SIGPREFIX = "\nnacl-"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_ME = "Pretty Curved Privacy"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_ZFILE_FOOTER = "----- END Z85 ENCODED FILE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_SIG_SUB_SIGEXPIRE = 3
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_SIG_SUB_CTIME = 2
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 EXP_PK_FOOTER = "----- END ED25519-CURVE29915 PUBLIC KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:183
 PCP_VAULT_ID = 14
-# ./gencffi.pl: from ../../include/pcp/defines.h:183
+# ./gencffi.pl: from ../../include/pcp/defines.h:185
-PCP_ASYM_CIPHER_ANON_SIG = 7
+EXP_SIG_SUB_KEYFLAGS = 27
-# ./gencffi.pl: from ../../include/pcp/defines.h:183
+# ./gencffi.pl: from ../../include/pcp/defines.h:185
-PCP_SIG_HEADER = "----- BEGIN ED25519 SIGNED MESSAGE -----"
+PCP_ASYM_CIPHER_ANON = 6
-# ./gencffi.pl: from ../../include/pcp/defines.h:183
+# ./gencffi.pl: from ../../include/pcp/defines.h:185
-PCP_ASYM_CIPHER_SIG = 24
+PCP_SIGPREFIX = "\nnacl-"
-# ./gencffi.pl: from ../../include/pcp/defines.h:183
+# ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_PK_CIPHER_NAME = "CURVE25519-ED25519-POLY1305-SALSA20"
-# ./gencffi.pl: from ../../include/pcp/defines.h:183
+# ./gencffi.pl: from ../../include/pcp/defines.h:185
-EXP_FORMAT_PBP = 2
+PCP_ZFILE_HEADER = "----- BEGIN Z85 ENCODED FILE -----"
-# ./gencffi.pl: from ../../include/pcp/defines.h:183
+# ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_SIG_SUB_CTIME = 2
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_ENFILE_FOOTER = "\r\n----- END PCP ENCRYPTED FILE -----\r\n"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_PK_FOOTER = "----- END ED25519-CURVE29915 PUBLIC KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_PK_CIPHER = 0x21
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_SYM_CIPHER = 23
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_RFC_CIPHER = 0x21 
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_BLOCK_SIZE = 32 * 1024
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_SIG_SUB_KEYEXPIRE = 9
-# ./gencffi.pl: from ../../include/pcp/defines.h:183
+# ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_HASH_NAME = "BLAKE2"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_PK_HEADER = "----- BEGIN ED25519-CURVE29915 PUBLIC KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_ZFILE_FOOTER = "----- END Z85 ENCODED FILE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_SIG_END = "----- END ED25519 SIGNATURE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PBP_COMPAT_SALT = "qa~t](84z<1t<1oz:ik.@IRNyhG=8q(on9}4#!/_h#a7wqK{Nt$T?W>,mt8NqYq&6U<GB1$,<$j>,rSYI2GRDd:Bcm"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_SK_HEADER = "----- BEGIN ED25519-CURVE29915 PRIVATE KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_SIG_HEADER = "----- BEGIN ED25519 SIGNED MESSAGE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_ENFILE_HEADER = "----- BEGIN PCP ENCRYPTED FILE -----\r\n"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_ASYM_CIPHER = 5
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_SIG_START = "----- BEGIN ED25519 SIGNATURE -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_HASH_CIPHER = 0x22
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_ME = "Pretty Curved Privacy"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_FORMAT_PBP = 2
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_SK_FOOTER = "----- END ED25519-CURVE29915 PRIVATE KEY -----"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_SIG_CIPHER = 0x23
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_ASYM_CIPHER_ANON_SIG = 7
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_SIG_CIPHER_NAME = "ED25519"
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_FORMAT_NATIVE = 1
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 PCP_ASYM_CIPHER_SIG = 24
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_SIG_SUB_NOTATION = 20
 # ./gencffi.pl: from ../../include/pcp/defines.h:185
 EXP_SIG_SUB_SIGEXPIRE = 3
--- a/man/pcp1.1
+++ b/man/pcp1.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.30)
 .\"
 .\" Standard preamble:
 .\" ========================================================================
@@ -38,6 +38,8 @@
 .    ds PI \(*p
 .    ds L" ``
 .    ds R" ''
 .    ds C`
 .    ds C'
 'br\}
 .\"
 .\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 .\" entries marked with X<> in POD.  Of course, you'll have to process the
 .\" output yourself in some meaningful fashion.
-.ie \nF \{\
+.\"
 .\" Avoid warning from groff about undefined register 'F'.
 .de IX
 ..
 .nr rF 0
 .if \n(.g .if rF .nr rF 1
 .if (\n(rF:(\n(.g==0)) \{
 .    if \nF \{
 .        de IX
 .        tm Index:\\$1\t\\n%\t"\\$2"
 ..
 .        if !\nF==2 \{
 .            nr % 0
-.    rr F
+.            nr F 2
 .        \}
 .el \{\
 .    de IX
 ..
 .    \}
 .\}
 .rr rF
 .\"
 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
@@ -124,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PCP1 1"
-.TH PCP1 1 "2016-01-21" "PCP 0.3.1" "USER CONTRIBUTED DOCUMENTATION"
+.TH PCP1 1 "2016-10-20" "PCP 0.4.0" "USER CONTRIBUTED DOCUMENTATION"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -342,7 +351,7 @@ Pretty Curved Privacy \- File encryption using eliptic curve cryptography.
 be used to encrypt files. \fBpcp1\fR uses eliptc curve cryptography
 for encryption (\s-1CURVE25519\s0 by Dan J. Bernstein). While \s-1CURVE25519\s0
 is no worldwide accepted standard it hasn't been compromised by
-the \s-1NSA\s0 \- which might be better, depending on your point of view.
+the \s-1NSA \-\s0 which might be better, depending on your point of view.
 .PP
 \&\fBCaution\fR: since \s-1CURVE25519\s0 is no accepted standard, \fBpcp1\fR has
 to be considered as experimental software. In fact, I wrote it just
@@ -738,7 +747,7 @@ for the worst like passphrases like \*(L"aaa\*(R" or \*(L"x\*(R".
 .PP
 Pcp considers passphrases with an entropy measurement of 3.32 or higher
 as acceptable. This may change in the future.
-.SS "\s-1VAULT\s0 \s-1FORMAT\s0"
+.SS "\s-1VAULT FORMAT\s0"
 .IX Subsection "VAULT FORMAT"
 The vault file contains all public and secret keys. It's a portable
 binary file.
@@ -785,7 +794,7 @@ Type can be one of:
 .Ve
 .PP
 The key header is followed by the actual key, see below.
-.SS "\s-1SECRET\s0 \s-1KEY\s0 \s-1FORMAT\s0"
+.SS "\s-1SECRET KEY FORMAT\s0"
 .IX Subsection "SECRET KEY FORMAT"
 A secret key is a binary structure with the following format:
 .PP
@@ -854,7 +863,7 @@ are otherwise unrelated. If one of them leaks, the other
 cannot be recalculated from it.
 .PP
 Take a look at the function \fB\f(BIpcp_keypairs()\fB\fR for details.
-.SS "\s-1PUBLIC\s0 \s-1KEY\s0 \s-1EXPORT\s0 \s-1FORMAT\s0"
+.SS "\s-1PUBLIC KEY EXPORT FORMAT\s0"
 .IX Subsection "PUBLIC KEY EXPORT FORMAT"
 Exported public and secret keys will be written in a portable
 way. Pcp uses \s-1RFC4880\s0 export format for public keys with some
@@ -958,7 +967,7 @@ So, a full pubkey export looks like this
 \&    hash
 \&    signature
 .Ve
-.SS "\s-1SECRET\s0 \s-1KEY\s0 \s-1EXPORT\s0 \s-1FORMAT\s0"
+.SS "\s-1SECRET KEY EXPORT FORMAT\s0"
 .IX Subsection "SECRET KEY EXPORT FORMAT"
 Secret keys are exported in a proprietary format.
 .PP
@@ -990,7 +999,7 @@ to encrypt the data and looks after encryption as such:
 .Vb 1
 \&  Nonce | Cipher
 .Ve
-.SS "\s-1ENCRYPTED\s0 \s-1OUTPUT\s0 \s-1FORMAT\s0"
+.SS "\s-1ENCRYPTED OUTPUT FORMAT\s0"
 .IX Subsection "ENCRYPTED OUTPUT FORMAT"
 The encryption protocol used by \s-1PCP\s0 uses mostly standard
 libsodium facilities with the exception that \s-1PCP\s0 uses counter
@@ -1083,7 +1092,7 @@ of the sender.
 The encrypted output maybe Z85 encoded. In this case the Z85
 encoding will be done blockwise with blocks of 16k bytes. The
 decoded content inside will be as described above.
-.SS "\s-1SIGNATURE\s0 \s-1FORMAT\s0"
+.SS "\s-1SIGNATURE FORMAT\s0"
 .IX Subsection "SIGNATURE FORMAT"
 There are different signature formats. Standard binary \s-1NACL\s0
 signatures have the following format:
@@ -1135,15 +1144,15 @@ Armored signatures have the following format:
 .PP
 The Z85 encoded signature at the end contains the same signature
 contents as the binary signature outlined above (hash+sig).
-.SS "\s-1SIGNED\s0 \s-1ENCRYPTION\s0 \s-1FORMAT\s0"
+.SS "\s-1SIGNED ENCRYPTION FORMAT\s0"
 .IX Subsection "SIGNED ENCRYPTION FORMAT"
 Signed encrypted files are in binary form only. The first part is
-the standard encrypted file as described in \fB\s-1ENCRYPTED\s0 \s-1OUTPUT\s0 \s-1FORMAT\s0\fR
+the standard encrypted file as described in \fB\s-1ENCRYPTED OUTPUT FORMAT\s0\fR
-followed by the binary encrypted signature described in \fB\s-1SIGNATURE\s0 \s-1FORMAT\s0\fR
+followed by the binary encrypted signature described in \fB\s-1SIGNATURE FORMAT\s0\fR
 without the offset separator.
 .PP
 However, not only the hash of the file content will be signed but the
-recipient list described in \fB\s-1ENCRYPTED\s0 \s-1OUTPUT\s0 \s-1FORMAT\s0\fR as well. A
+recipient list described in \fB\s-1ENCRYPTED OUTPUT FORMAT\s0\fR as well. A
 valid recipient is therefore not able to re-encrypt the decrypted
 message, append the original signature and send it to other recipients.
 The signature would not match since the recipient list differs and
@@ -1183,7 +1192,7 @@ Before encryption the signature format is:
 \& +\-\-\-\-\-\-\-\-\-\-\-\-\-|\-\-\-\-\-\-\-\-|\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-\-+
 .Ve
 .PP
-where R is: C(recipient)|C(recipient)... (see \fB\s-1ENCRYPTED\s0 \s-1OUTPUT\s0 \s-1FORMAT\s0\fR).
+where R is: C(recipient)|C(recipient)... (see \fB\s-1ENCRYPTED OUTPUT FORMAT\s0\fR).
 .PP
 Pseudocode:
 .PP
@@ -1250,7 +1259,7 @@ pcp1 \-z \-I file \-O file.z85
 Reverse the process:
 .PP
 pcp1 \-Z \-I file.z85 \-O file
-.SS "\s-1PBP\s0 \s-1COMPATIBILITY\s0"
+.SS "\s-1PBP COMPATIBILITY\s0"
 .IX Subsection "PBP COMPATIBILITY"
 \&\s-1PCP\s0 tries to be fully compatible with \s-1PBP \s0(https://github.com/stef/pbp). Encrypted
 files and signatures \- at least their binary versions \- should be exchangable. However,
@@ -1276,8 +1285,8 @@ functions:
 .PD
 .PP
 \&\s-1JSON\s0 support can be used either with the commandline tool \fBpcp1\fR or programmatically
-using the C, \*(C+ or Python \s-1API\s0.
+using the C, \*(C+ or Python \s-1API.\s0
-.SS "\s-1USING\s0 \s-1JSON\s0 \s-1FROM\s0 \s-1THE\s0 C \s-1API\s0"
+.SS "\s-1USING JSON FROM THE C API\s0"
 .IX Subsection "USING JSON FROM THE C API"
 In order to use \s-1JSON\s0 all you've got to do is to switch a context flag:
 .PP
@@ -1287,9 +1296,9 @@ In order to use \s-1JSON\s0 all you've got to do is to switch a context flag:
 .Ve
 .PP
 That all to it. Now any function normally used for key import and export works
-with \s-1JSON\s0, just fill the \fBBuffer\fR object with a \s-1JSON\s0 string for imports or
+with \s-1JSON,\s0 just fill the \fBBuffer\fR object with a \s-1JSON\s0 string for imports or
 fetch the Buffer content of an export function as a string.
-.SS "\s-1USING\s0 \s-1JSON\s0 \s-1FROM\s0 \s-1THE\s0 \s-1COMMANDLINE\s0"
+.SS "\s-1USING JSON FROM THE COMMANDLINE\s0"
 .IX Subsection "USING JSON FROM THE COMMANDLINE"
 In order to use \s-1JSON\s0 on the commandline, add \fB\-j\fR. This can be used in
 conjunction with the following options:
@@ -1307,9 +1316,9 @@ Public and secret key import.
 Text view mode (aka inspect mode).
 .PP
 The \fB\-z\fR and \fB\-Z\fR options are ignored in \s-1JSON\s0 mode.
-.SS "\s-1JSON\s0 \s-1OBJECT\s0 \s-1STRUCTURE\s0"
+.SS "\s-1JSON OBJECT STRUCTURE\s0"
 .IX Subsection "JSON OBJECT STRUCTURE"
-\fI\s-1JSON\s0 \s-1PUBLIC\s0 \s-1KEY\s0 (pcp1 \-p \-j)\fR
+\fI\s-1JSON PUBLIC KEY \s0(pcp1 \-p \-j)\fR
 .IX Subsection "JSON PUBLIC KEY (pcp1 -p -j)"
 .PP
 The \s-1JSON\s0 object for a public key looks like this:
@@ -1338,7 +1347,7 @@ Fields containing byte arrays are hex encoded.
 .PP
 Numbers are represented as literal integers.
 .PP
-\fI\s-1JSON\s0 \s-1SECRET\s0 \s-1KEY\s0 (pcp1 \-s \-j)\fR
+\fI\s-1JSON SECRET KEY \s0(pcp1 \-s \-j)\fR
 .IX Subsection "JSON SECRET KEY (pcp1 -s -j)"
 .PP
 The \s-1JSON\s0 object for a public key looks like this:
@@ -1369,7 +1378,7 @@ secret key material. Pcp does not support exporting a secret key unencrypted.
 The \fBnonce\fR is required for a later import and shall not be changed or
 decoupled from \fBsecrets\fR. This may change in the future.
 .PP
-\fI\s-1JSON\s0 \s-1VAULT\s0 (pcp1 \-t)\fR
+\fI\s-1JSON VAULT \s0(pcp1 \-t)\fR
 .IX Subsection "JSON VAULT (pcp1 -t)"
 .PP
 The \s-1JSON\s0 object for the vault looks like this:
@@ -1388,7 +1397,7 @@ The \s-1JSON\s0 object for the vault looks like this:
 The field \fBkeys\fR is an array containing one or more of the already
 described key objects.
 .PP
-\fI\s-1JSON\s0 \s-1PROGRAM\s0 \s-1OUTPUT\s0\fR
+\fI\s-1JSON PROGRAM OUTPUT\s0\fR
 .IX Subsection "JSON PROGRAM OUTPUT"
 .PP
 Currently pcp does not support \s-1JSON\s0 program output, that is, success or
@@ -1437,7 +1446,7 @@ under the \fB\s-1GPL\s0\fR as well.
 \&\fIT.v.Dein <tom \s-1AT\s0 vondein \s-1DOT\s0 org\fR>
 .SH "LICENSE"
 .IX Header "LICENSE"
-Licensed under the  \s-1GNU\s0 \s-1GENERAL\s0 \s-1PUBLIC\s0 \s-1LICENSE\s0 version 3.
+Licensed under the  \s-1GNU GENERAL PUBLIC LICENSE\s0 version 3.
 .SH "HOME"
 .IX Header "HOME"
 The homepage of Pretty Curved Privacy can be found on
--- a/man/pcp1.html
+++ b/man/pcp1.html