fixed crypto++ recipient hash handling

bindings/cpp/crypto.cpp

@@ -31,6 +31,7 @@ Crypto::Crypto(PcpContext &C, Key &skey, PubKey &pkey) {
   PTX = C;
   havevault = false;
   pcphash_add(PTX.ptx, P.K, PCP_KEY_TYPE_PUBLIC);
+  pcphash_add(PTX.ptx, S.K, PCP_KEY_TYPE_SECRET);
 }
 
 Crypto::Crypto(PcpContext &C, Vault &v, Key &skey, PubKey &pkey) {
@@ -43,11 +44,10 @@ Crypto::Crypto(PcpContext &C, Vault &v, Key &skey, PubKey &pkey) {
 
 bool Crypto::encrypt(FILE *in, FILE *out, bool sign) {
   pcp_pubkey_t *pubhash = NULL;
-  pcphash_add(PTX.ptx, P.K, P.K->type);
-  //HASH_ADD_STR( pubhash, id, P.K);
+  HASH_ADD_STR( pubhash, id, P.K);
   Pcpstream *pin = ps_new_file(in);
   Pcpstream *pout = ps_new_file(out);
-  ptx_dump(PTX.ptx);
+
   size_t clen = pcp_encrypt_stream(PTX.ptx, pin, pout, S.K, pubhash, sign);
   if(clen <= 0)
      throw exception(PTX);
@@ -59,7 +59,7 @@ bool Crypto::encrypt(FILE *in, FILE *out, bool sign) {
 bool Crypto::decrypt(FILE *in, FILE *out, bool verify) {
   Pcpstream *pin = ps_new_file(in);
   Pcpstream *pout = ps_new_file(out);
-  ptx_dump(PTX.ptx);
+
   if(pcp_decrypt_stream(PTX.ptx, pin, pout, S.K, NULL, verify) <= 0)
     throw exception(PTX);
   ps_close(pin);

man/pcp1.pod

@@ -31,8 +31,7 @@ Pretty Curved Privacy - File encryption using eliptic curve cryptography.
   -R --remove-key           Remove a key from the vault.
   -s --export-secret        Export a secret key.
   -p --export-public        Export a public key.
-  -S --import-secret        Import a secret key.
-  -P --import-public        Import a public key.
+  -K --import               Import a secret or public key.
   -y --export-yaml          Export all keys as YAML formatted text.
   -F --export-format <fmt>  Specify exportformat, either 'pbp' or 'pcp'.
                             'pcp' is the default if unspecified.
@@ -373,9 +372,11 @@ Verification by recipient:
 =head1 SIGNED ENCRYPTION
 
 Beside pure encryption and signatures pcp1 also supports signed
-encryption. In this mode an input file will be signed your primary
-secret key from a BLAKE2 hash of the file contents and the recipients
-and then encrypted. The signature is encrypted as well.
+encryption. In this mode an input file will be encrypted and a
+signature of the encrypted content and encrypted recipients with your primary
+secret key will be appended.
+
+The signature is encrypted as well.
 
 Example:
 
@@ -384,25 +385,13 @@ Example:
 Please note the additional B<-g> parameter. The recipient can
 decrypt and verify the so created data like this:
 
- pcp1 -d -c -I README.asc -o README.txt
-
-Please note the additional B<-c> parameter.
+ pcp1 -d -I README.asc -o README.txt
 
 If decryption works, the output file will be written. If signature
 verification fails you will be informed, but the decrypted
 output will be left untouched. It is up to you how to react
 on an invalid signature.
 
-B<Caution: as of this writing (pcp version 0.2.0) there is
-no offset marker included into the output which separates
-the signature from the cipher. Therefore a recipient has to
-know that the file is encrypted AND signed. If, for example,
-the recpient leaves the -c parameter on such a file, the decryption
-process will fail. Otherwise, if the user supplies -c on an
-encrypted file without a signature, decryption will fail as well.>
-
-Note: this behavior might change in the future.
-
 =head1 ALTERNATIVE COMMANDLINES
 
 You can save typing if you supply additional arguments to

tests/cpptest.cpp

@@ -30,52 +30,56 @@ FILE *_openrd(string file, PcpContext &ptx) {
   return fd;
 }
 
-void test0(PcpContext &ptx) {
+void test0() {
   // test keygen and crypto
+  PcpContext CA; // we need different contexts for sender and recipient!
+  PcpContext CB;
+
   FILE *CLEAR, *CIPHER, *DECRYPTED;
-  Key A = Key(ptx, "a", "alicia", "alicia@local");
-  Key B = Key(ptx, "b", "bobby",  "bobby@local");
+  Key A = Key(CA, "a", "alicia", "alicia@local");
+  Key B = Key(CA, "b", "bobby",  "bobby@local");
   PubKey PA = A.get_public();
   PubKey PB = B.get_public();
 
   A.decrypt("a");
   B.decrypt("b");
   
-  Crypto A2B(ptx, A, PB);
-  Crypto B2A(ptx, B, PA);
+  Crypto A2B(CA, A, PB);
+  Crypto B2A(CB, B, PA);
 
-  CLEAR = _openwr("testcppclear", ptx);
+  CLEAR = _openwr("testcppclear", CA);
   fprintf(CLEAR, "HALLO\n");
   fclose(CLEAR);
   
-  CIPHER = _openwr("testcpcipher", ptx);
-  CLEAR = _openrd("testcppclear", ptx);
+  CIPHER = _openwr("testcpcipher", CA);
+  CLEAR = _openrd("testcppclear", CA);
 
-  cerr << "A=>B encrypt using " << PB.get_id() << endl;
   if(A2B.encrypt(CLEAR, CIPHER, false)) {
 
-    CIPHER = _openrd("testcpcipher", ptx);
-    DECRYPTED = _openwr("testcppdecrypted", ptx);
+    CIPHER = _openrd("testcpcipher", CA);
+    DECRYPTED = _openwr("testcppdecrypted", CA);
 
-    cerr << "B=>A decrypt using " << PA.get_id() << endl;
     if(B2A.decrypt(CIPHER, DECRYPTED, false)) {
 
-      DECRYPTED = _openrd("testcppdecrypted", ptx);
+      DECRYPTED = _openrd("testcppdecrypted", CA);
       char *got = (char *)ucmalloc(10);
       if(fread(got, 1, 6, DECRYPTED) < 6) {
-	throw pcp::exception(ptx, "read error, could not read decrypted content");
+	throw pcp::exception(CA, "read error, could not read decrypted content");
       }
       if(strncmp(got, "HALLO", 5) != 0) {
-	throw pcp::exception(ptx);
+	throw pcp::exception(CA);
       }
     }
     else
-      throw pcp::exception(ptx, "failed to decrypt");
+      throw pcp::exception(CA, "failed to decrypt");
   }
   else
-    throw pcp::exception(ptx, "failed to encrypt");
+    throw pcp::exception(CA, "failed to encrypt");
 
   cout << "0 ok" << endl;
+
+  CA.done();
+  CB.done();
 }
 
 void test1(PcpContext &ptx) {
@@ -167,7 +171,7 @@ int main(int argc, char **argv) {
       throw pcp::exception(ptx, "usage: cpptest N");
     switch(argv[1][0]) {
     case '0':
-      test0(ptx);
+      test0();
       break;
 
     case '1':