From 2571eabeefd9b486551fb60e1a0f34d5aee046cb Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Sat, 15 Feb 2020 16:40:19 +0000
Subject: [PATCH] Unix Pageant: support -r and -R options to re-encrypt.

This links up the new re-encryption facilities to the Unix Pageant client-mode command line. Analogously to -d and -D, 'pageant -r key-id' re-encrypts a single key, and 'pageant -R' re-encrypts everything.
---
unix/uxpgnt.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/unix/uxpgnt.c b/unix/uxpgnt.c
index 707f9376..6d73bf1f 100644
--- a/unix/uxpgnt.c
+++ b/unix/uxpgnt.c
@@ -397,6 +397,8 @@ typedef enum {
 KEYACT_CLIENT_PUBLIC_OPENSSH,
 KEYACT_CLIENT_PUBLIC,
 KEYACT_CLIENT_SIGN,
+ KEYACT_CLIENT_REENCRYPT,
+ KEYACT_CLIENT_REENCRYPT_ALL,
 } keyact;
 struct cmdline_key_action {
 struct cmdline_key_action *next;
@@ -801,6 +803,18 @@ void run_client(void)
 if (key)
 pageant_pubkey_free(key);
 break;
+ case KEYACT_CLIENT_REENCRYPT:
+ key = NULL;
+ if (!(key = find_key(act->filename, &retstr)) ||
+ pageant_reencrypt_key(key, &retstr) == PAGEANT_ACTION_FAILURE) {
+ fprintf(stderr, "pageant: re-encrypting key '%s': %s\n",
+ act->filename, retstr);
+ sfree(retstr);
+ errors = true;
+ }
+ if (key)
+ pageant_pubkey_free(key);
+ break;
 case KEYACT_CLIENT_PUBLIC_OPENSSH:
 case KEYACT_CLIENT_PUBLIC:
 key = NULL;
@@ -840,6 +854,20 @@ void run_client(void)
 errors = true;
 }
 break;
+ case KEYACT_CLIENT_REENCRYPT_ALL: {
+ int status = pageant_reencrypt_all_keys(&retstr);
+ if (status == PAGEANT_ACTION_FAILURE) {
+ fprintf(stderr, "pageant: re-encrypting all keys: "
+ "%s\n", retstr);
+ sfree(retstr);
+ errors = true;
+ } else if (status == PAGEANT_ACTION_WARNING) {
+ fprintf(stderr, "pageant: re-encrypting all keys: "
+ "warning: %s\n", retstr);
+ sfree(retstr);
+ }
+ break;
+ }
 case KEYACT_CLIENT_SIGN:
 key = NULL;
 if (!message_loaded) {
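Review bot: In the `KEYACT_CLIENT_REENCRYPT` case the result of `pageant_reencrypt_key` is compared only with `PAGEANT_ACTION_FAILURE`, so any other non-success status is treated as success and prints nothing. The `-R` case in this same commit handles `PAGEANT_ACTION_WARNING` separately; whether the single-key function can return it is not visible here, but if it can, the user would believe the key had been re-encrypted when it had not, and `retstr` would go unfreed. Either state the return contract at the call, e.g. `/* pageant_reencrypt_key returns only OK or FAILURE */`, or test `!= PAGEANT_ACTION_OK` instead. The case sits inside run_client's switch, which starts and ends outside the hunk.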
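Review bot: In the `KEYACT_CLIENT_REENCRYPT_ALL` case the `PAGEANT_ACTION_WARNING` branch prints a message but leaves `errors` unset, so the command presumably still exits with success (the exit status is computed outside the hunk). A script that runs `pageant -R` and checks only the exit status then cannot tell that some keys were left as they were, assuming that is what the warning reports. If this is deliberate, say so at the branch with `/* warning = partial success: not counted in 'errors', exit status unaffected */`; otherwise add `errors = true;` there as well.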
@@ -1222,12 +1250,16 @@ int main(int argc, char **argv)
 curr_keyact = KEYACT_CLIENT_ADD;
 } else if (!strcmp(p, "-d")) {
 curr_keyact = KEYACT_CLIENT_DEL;
+ } else if (!strcmp(p, "-r")) {
+ curr_keyact = KEYACT_CLIENT_REENCRYPT;
 } else if (!strcmp(p, "-s")) {
 shell_type = SHELL_SH;
 } else if (!strcmp(p, "-c")) {
 shell_type = SHELL_CSH;
 } else if (!strcmp(p, "-D")) {
 add_keyact(KEYACT_CLIENT_DEL_ALL, NULL);
+ } else if (!strcmp(p, "-R")) {
+ add_keyact(KEYACT_CLIENT_REENCRYPT_ALL, NULL);
 } else if (!strcmp(p, "-l")) {
 add_keyact(KEYACT_CLIENT_LIST, NULL);
 } else if (!strcmp(p, "--public")) {
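Review bot: The new `-r` and `-R` options are parsed here but documented nowhere in this commit: the diffstat's 32 insertions are all accounted for by the enum values, the two run_client cases and these four lines. If uxpgnt.c's usage text lists `-d` and `-D` (not visible in the hunk), it should gain matching entries such as `pageant -r key-id   re-encrypt a key held by the agent` and `pageant -R   re-encrypt all keys held by the agent`. Because `-r` only sets `curr_keyact`, it does nothing unless a key identifier follows, which the help text should also mention. main's option loop starts and ends outside the hunk.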