=== modified file 'Makefile' --- Makefile 2008-08-12 21:28:42 +0000 +++ Makefile 2008-08-12 23:13:41 +0000 @@ -10,7 +10,7 @@ # For info about _FORTIFY_SOURCE, see # FORTIFY=-D_FORTIFY_SOURCE=2 # -fstack-protector-all -#COVERAGE=-fprofile-arcs -ftest-coverage +#COVERAGE=--coverage OPTIMIZE=-Os LANGUAGE=-std=gnu99 === modified file 'TODO' --- TODO 2008-08-12 16:47:22 +0000 +++ TODO 2008-08-12 23:13:41 +0000 @@ -2,9 +2,6 @@ * [#A] README file -* [#A] COPYING file - [[file:/usr/share/common-licenses/GPL-3][GPLv3]] - * Mandos-client ** [#A] Change syntax for arguments ** [#A] Man page: man8/mandos-client.8mandos @@ -60,9 +57,9 @@ ** Use asprintf instead of malloc and memcpy? ** IPv4 support ** use strsep instead of strtok? -** Do not depend on GPG key rings on disk - This would mean creating new GPG key rings with GPGME by importing - the key files from scratch on every program start. +** Do not depend on GnuPG key rings on disk + This would mean creating new GnuPG key rings with GPGME by + importing the key files from scratch on every program start. * Password-prompt ** [#A] Man page: man8/password-prompt.8mandos === modified file 'mandos-keygen' --- mandos-keygen 2008-08-12 19:47:50 +0000 +++ mandos-keygen 2008-08-12 23:13:41 +0000 @@ -1,6 +1,6 @@ -#!/bin/sh +#!/bin/sh -e # -# Mandos key generator - create new OpenPGP keys for Mandos clients +# Mandos key generator - create a new OpenPGP key for a Mandos client # # Copyright © 2007-2008 Teddy Hogeborn & Björn Påhlsson # @@ -20,6 +20,8 @@ # Contact the authors at . # +VERSION="1.0" + KEYDIR="/etc/mandos" KEYTYPE=DSA KEYLENGTH=1024 @@ -31,10 +33,34 @@ KEYCOMMENT_ORIG="$KEYCOMMENT" # Parse options -TEMP=`getopt --options d:t:l:n:e:c:x:f \ - --longoptions dir:,type:,length:,name:,email:,comment:,expire:,force \ +TEMP=`getopt --options vhd:t:l:n:e:c:x:f \ + --longoptions version,help,dir:,type:,length:,name:,email:,comment:,expire:,force \ --name "$0" -- "$@"` +help(){ +cat <&2; exit 1;; esac 
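Review bot: The `-e` added to the interpreter line in the first mandos-keygen hunk (`#!/bin/sh -e`) only takes effect when the kernel starts the script through its shebang. If it is run as `sh mandos-keygen`, the option is dropped and a failed `mktemp` or `gpg` step no longer stops key generation. Keep the plain `#!/bin/sh` and add `set -e` as the first command after the header comment, so abort-on-error does not depend on how the script is invoked.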
@@ -100,7 +128,7 @@ exit 1 fi -# Set lines for GPG batch file +# Set lines for GnuPG batch file if [ -n "$KEYCOMMENT" ]; then KEYCOMMENTLINE="Name-Comment: $KEYCOMMENT" fi @@ -113,9 +141,10 @@ SECRING="`mktemp -t mandos-gpg-secring.XXXXXXXXXX`" PUBRING="`mktemp -t mandos-gpg-pubring.XXXXXXXXXX`" +# Remove temporary files on exit trap "rm --force $PUBRING $BATCHFILE; shred --remove $SECRING" EXIT -# Create batch file for GPG +# Create batch file for GnuPG cat >"$BATCHFILE" </dev/null; then shred --remove "$SECKEYFILE" @@ -154,6 +186,7 @@ FILECOMMENT="$FILECOMMENT <$KEYEMAIL>" fi +# Export keys from key rings to key files gpg --no-random-seed-file --quiet --batch --no-tty --armor \ --no-default-keyring --secret-keyring "$SECRING" \ --keyring "$PUBRING" --export-options export-minimal \ @@ -164,3 +197,9 @@ --keyring "$PUBRING" --export-options export-minimal \ --comment "$FILECOMMENT" --output "$PUBKEYFILE" \ --export + +trap - EXIT + +# Remove the key rings +shred --remove "$SECRING" +rm --force "$PUBRING"
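Review bot: The comment added in the `@@ -113,9 +141,10 @@` hunk documents the EXIT trap, but the trap string under it is double-quoted, so `$PUBRING`, `$BATCHFILE` and `$SECRING` are expanded when the trap is set and then word-split unquoted when it runs. If `mktemp -t` ever returns a path containing whitespace or glob characters (for example through an unusual `TMPDIR`), the secret key ring would not be shredded. Suggest `trap 'shred --remove "$SECRING"; rm --force "$PUBRING" "$BATCHFILE"' EXIT`, which quotes the paths at exit time and handles the secret ring first.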
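Review bot: In the last hunk `trap - EXIT` is cleared before the key rings are removed, so with `-e` now in effect a failing `shred --remove "$SECRING"` ends the script with no handler left and `rm --force "$PUBRING"` never runs. Either drop the three new commands and let the existing EXIT trap do the cleanup, or move `trap - EXIT` after the `rm`. The trap also removed `$BATCHFILE`, which this block does not; unless it is deleted earlier in a part of the script outside these hunks, it stays behind. It is also worth a comment that `shred`'s overwrite is not reliable on journaling or copy-on-write filesystems, so where the temporary directory lives matters for the secret ring.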