key++: normalize id and lc()

allow signing using an alternate secret key, like in pcpdecrypt()

malloc() new pointers in functions only if not NULL, e.g. pcp_gennonce()

check pub key count in pcp.c before calling verify signature, croak if count==0

Update pod key format spec.

-l show keysig, if any

vault checksum: add keysigs as well

enable formats for secret key exports as well

Add newlines to headers in define.h, so strlen() later catches the whole length.

Check is_utf8 license.
  also found in https://gd.meizo.com/_files/lpc/ext/utf8.c

Vault checksum with global vault

Symmetric decrypt mode tries to open vault

pcp_find_primary_secret() makes a copy ???

sym encrypt mac => mac, mac => freebsd and freebsd => mac doesnt work

c++ destructor double free mess

Python binding, e.g.:
py % cdll.LoadLibrary("libsodium.so.8")
<CDLL 'libsodium.so.8', handle 800776c00 at 80192a3d0>
py % nacl = CDLL("libsodium.so.8")
py % hash = create_string_buffer('\000' * 64)
py % hash
<ctypes.c_char_Array_65 object at 0x80182c560>
py % hash.raw
'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x...
py % key = create_string_buffer('a' * 32)
py % nacl.crypto_hash_sha256(pointer(hash), pointer(key), 32)
0
py % hash.raw
';\xa3\xf5\xf4;\x92`&\x83\xc1\x9a\xeeb\xa2\x03B\xb0\x84\...
py %