From 3f1df52db4ddbe49517dc9182d662026c81b8121 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Mon, 16 Jan 2023 21:13:44 +0100
Subject: [PATCH] Warn about -C -W implications before it's too late

---
 src/minisign.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/minisign.c b/src/minisign.c
index 8343bf4..daa992b 100644
--- a/src/minisign.c
+++ b/src/minisign.c
@@ -42,7 +42,7 @@ usage(void)
 #ifndef VERIFY_ONLY
         "-G                generate a new key pair\n"
         "-R                recreate a public key file from a secret key file\n"
-        "-C                change the password of the secret key\n"
+        "-C                change/remove the password of the secret key\n"
         "-S                sign files\n"
 #endif
         "-V                verify that a signature is valid for a given file\n"
@@ -750,6 +750,9 @@ update_password(const char *sk_file, int unencrypted_key)
     FILE         *fp;
     size_t        sk_comment_line_len;
 
+    if (unencrypted_key != 0) {
+        printf("Key encryption for [%s] is going to be removed.\n", sk_file);
+    }
     sk_comment_line = xsodium_malloc(COMMENTMAXBYTES);
     if ((seckey_struct = seckey_load(sk_file, sk_comment_line)) == NULL) {
         return -1;
@@ -758,8 +761,6 @@ update_password(const char *sk_file, int unencrypted_key)
            sizeof seckey_struct->kdf_alg);
     if (unencrypted_key == 0) {
         encrypt_key(seckey_struct);
-    } else {
-        printf("You are about to remove key encryption for [%s].\n", sk_file);
     }
     if ((fp = fopen_create_useronly(sk_file)) == NULL) {
         exit_err(sk_file);
@@ -771,8 +772,11 @@ update_password(const char *sk_file, int unencrypted_key)
     xfclose(fp);
     sodium_free(seckey_struct);
 
-    puts("Password updated.");
-
+    if (unencrypted_key == 0) {
+        puts("Password updated.");
+    } else {
+        puts("Password removed.");
+    }
     return 0;
 }