1 files changed, 23 insertions, 6 deletions

diff --git a/KeyRing.hs b/KeyRing.hs
index b164527..53a1a34 100644
--- a/KeyRing.hs
+++ b/KeyRing.hs
@@ -2158,7 +2158,9 @@ rsaPrivateKeyFromPacket pkt@(SecretKeyPacket {}) = do
         , rsaCoefficient = coefficient }
 rsaPrivateKeyFromPacket _ = Nothing
 
-secretPemFromPacket packet =
+secretPemFromPacket packet = pemFromPacket Sec packet
+
+pemFromPacket Sec packet =
     case key_algorithm packet of
      RSA -> do
         rsa <- rsaPrivateKeyFromPacket packet -- RSAPrivateKey
@@ -2168,11 +2170,24 @@ secretPemFromPacket packet =
             output = writePEM "RSA PRIVATE KEY" dta
         Just output
      algo -> Nothing
+pemFromPacket Pub packet =
+    case key_algorithm packet of
+     RSA -> do
+        rsa <- rsaKeyFromPacket packet
+        let asn1 = toASN1 (pkcs8 rsa) []
+            bs = encodeASN1 DER asn1
+            dta = Base64.encode (L.unpack bs)
+            output = writePEM "PUBLIC KEY" dta
+        Just output
+     algo -> Nothing
+pemFromPacket AutoAccess p@(PublicKeyPacket {}) = pemFromPacket Pub p
+pemFromPacket AutoAccess p@(SecretKeyPacket {}) = pemFromPacket Sec p
+pemFromPacket AutoAccess _ = Nothing
 
 writeKeyToFile ::
-  Bool -> FileType -> InputFile -> Packet -> IO [(InputFile, KikiReportAction)]
-writeKeyToFile False PEMFile fname packet = do
-    case secretPemFromPacket packet of
+  Bool -> StreamInfo -> InputFile -> Packet -> IO [(InputFile, KikiReportAction)]
+writeKeyToFile False stream@(StreamInfo { typ = PEMFile }) fname packet = do
+    case pemFromPacket (access stream) packet of
      Just output -> do
         let stamp = toEnum . fromEnum $ timestamp packet
         handleIO_ (return [(fname, FailedFileWrite)]) $ do
@@ -2184,7 +2199,7 @@ writeKeyToFile False PEMFile fname packet = do
             return [(fname, ExportedSubkey)]
      Nothing -> return [(fname, UnableToExport (key_algorithm packet) $ fingerprint packet)]
 
-writeKeyToFile False DNSPresentation fname packet = do
+writeKeyToFile False StreamInfo { typ = DNSPresentation } fname packet = do
     case key_algorithm packet of
      RSA -> do
         flip (maybe (return []))
@@ -2232,12 +2247,14 @@ writePEMKeys doDecrypt db exports = do
     let ds' = map functorToEither ds
     if null (lefts ds')
         then do
-            rs <- mapM (\(f,stream,p) -> writeKeyToFile False (typ stream) (ArgFile f) p)
+            rs <- mapM (\(f,stream,p) -> writeKeyToFile False stream (ArgFile f) p)
                        (rights ds')
             return $ KikiSuccess (map (first $ resolveForReport Nothing) $ concat rs)
         else do
             return (head $ lefts ds')
  where
+    decryptKeys (fname,subspec,[p],stream@(StreamInfo { access=Pub }))
+        = return $ KikiSuccess (fname,stream,packet p) -- public keys are never encrypted.
     decryptKeys (fname,subspec,[p],stream) = do
         pun <- doDecrypt p
         try pun $ \pun -> do