=================================================================== RCS file: /cvs/palm/Palm-Keyring/lib/Palm/Keyring.pm,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- palm/Palm-Keyring/lib/Palm/Keyring.pm 2007/09/12 03:44:36 1.48 +++ palm/Palm-Keyring/lib/Palm/Keyring.pm 2007/09/12 04:39:22 1.49 @@ -1,5 +1,5 @@ package Palm::Keyring; -# $RedRiver: Keyring.pm,v 1.47 2007/09/12 00:30:10 andrew Exp $ +# $RedRiver: Keyring.pm,v 1.48 2007/09/12 02:44:36 andrew Exp $ ######################################################################## # Keyring.pm *** Perl class for Keyring for Palm OS databases. # @@ -1391,17 +1391,12 @@ parses Keyring for Palm OS databases. See L. -It has the standard Palm::PDB methods with 2 additional public methods. -Decrypt and Encrypt. +It has the standard Palm::PDB methods with 4 additional public methods. +Unlock, Lock, Decrypt and Encrypt. It currently supports the v4 Keyring databases as well as -the pre-release v5 databases. I am not completely happy with the interface -for accessing v5 databases, so any suggestions on improvements on -the interface are appreciated. +the pre-release v5 databases. -This module doesn't store the plaintext content. It only keeps it until it -returns it to you or encrypts it. - =head1 SYNOPSIS use Palm::PDB; @@ -1412,10 +1407,12 @@ my $pdb = new Palm::PDB; $pdb->Load($file); + $pdb->Unlock($pass); foreach my $rec (@{ $pdb->{records} }) { - my $plaintext = $pdb->Decrypt($rec, $pass); - print $plaintext->{0}->{data}, ' - ', $plaintext->{1}->{data}, "\n"; + print $rec->{plaintext}->{0}->{data}, ' - ', + $rec->{plaintext}->{1}->{data}, "\n"; } + $pdb->Lock(); =head1 SUBROUTINES/METHODS 
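Review bot: The DESCRIPTION hunk at -1391 deletes the only statement about plaintext lifetime ("This module doesn't store the plaintext content...") and puts nothing in its place. With the Unlock()/Lock() model shown in the SYNOPSIS, decrypted fields appear to stay in `$rec->{plaintext}` for every record between the two calls, and the Lock() text elsewhere in this diff mentions a saved password as well. I would add a sentence such as `After Unlock(), the decrypted data of every record and the password are kept in memory until Lock() is called.` The BUGS hunk at -1774 makes the related admission about RAM and swap, but a reader who stops at the DESCRIPTION will not see it.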
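Review bot: In the SYNOPSIS hunk at -1412 the new example never checks `$pdb->Unlock($pass);` and only reaches `$pdb->Lock();` if the loop runs to completion. Unlock()'s failure behaviour is not visible in this diff, and the BUGS text further down says some calls croak, some return undef and some fail silently, so copied code may print undefined fields or die with plaintext still attached to the records. If Unlock() returns false on a bad password, the example could read `$pdb->Unlock($pass) or die "Unlock failed\n";`. A one-line comment such as `# always Lock() when done, including on error paths` would make the pairing explicit.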
@@ -1429,7 +1426,7 @@ Use this method if you're creating a Keyring PDB from scratch otherwise you can just use Palm::PDB::new() before calling Load(). -If you pass in a password, it will initalize the first record with the encrypted +If you pass in a password, it will initalize the database with the encrypted password. new() now also takes options in other formats @@ -1453,7 +1450,7 @@ =item cipher -The cipher to use. Either the number or the name. +The cipher to use. Either the number or the name. Only used by v5 datbases. 0 => None 1 => DES_EDE3 @@ -1462,12 +1459,8 @@ =item iterations -The number of iterations to encrypt with. +The number of iterations to encrypt with. Only used by somy crypts in v5 databases. -=item options - -A hashref of the options that are set - =back =back @@ -1507,7 +1500,9 @@ =head2 labels -Pass in the id or the name of the label; +Pass in the id or the name of the label. The label id is used as a key +to the different parts of the records. +See Encrypt() for details on where the label is used. This is a function, not a method. @@ -1531,6 +1526,11 @@ =head2 Encrypt +=head3 B The order of the arguments to Encrypt has +changed. $password and $plaintext used to be swapped. They changed +because you can now set $rec->{plaintext} and not pass in $plaintext so +$password is more important. + $pdb->Encrypt($rec[, $password[, $plaintext[, $ivec]]]); Encrypts an account into a record, either with the password previously @@ -1565,7 +1565,11 @@ label => 'lastchange', label_id => 3, font => 0, - data => $lastchange, + data => { + year => $year, # usually the year - 1900 + mon => $mon, # range 0-11 + day => $day, # range 1-31 + }, }, 255 => { label => 'notes', 
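Review bot: Two of the added POD lines carry typos that will show up in the rendered manual: `Only used by v5 datbases.` in the cipher item (hunk at -1453) and `Only used by somy crypts in v5 databases.` in the iterations item (hunk at -1462). Suggested wording is `Only used by v5 databases.` and, presumably, `Only used by some ciphers in v5 databases.`; the second is a guess at the intended word. The rewritten line in the hunk at -1429 also keeps `initalize` for `initialize`.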
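Review bot: The argument swap announced in the hunk at -1531 is only documented, and nothing visible here tells a caller still using the old order that they passed their account data in the `$password` position and their password in the `$plaintext` position. Encrypt()'s body is outside this diff, so it may already guard against this. If it does not, then since the plaintext is described in this POD as a reference, a check such as `croak 'Encrypt: $password must not be a reference' if ref $password;` would turn a silent mix-up into an immediate error. The POD should also name the release in which the order changed, so callers can tell which form applies to them.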
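Review bot: In the hunk at -1565 the new comment `# usually the year - 1900` leaves the caller guessing which convention the packing code expects, and the BUGS section in this same file admits date validation on packing is very poor. If the field follows localtime() conventions, as the `# range 0-11` month suggests, the comment could say so directly: `# years since 1900, as returned by localtime()`. If both forms are accepted, the POD should say how they are told apart.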
@@ -1575,8 +1579,8 @@ }, }; -The account name is also stored in $rec->{plaintext}->{0}->{data} for both v4 -and v5 databases. +The account name is stored in $rec->{plaintext}->{0}->{data} for both v4 +and v5 databases even when the record has not been Decrypt()ed. $rec->{plaintext}->{0} => { label => 'name', @@ -1600,9 +1604,9 @@ my $plaintext = $pdb->Decrypt($rec[, $password]); Decrypts the record and returns a reference for the plaintext account as -described under L. +described under Encrypt(). Also sets $rec->{plaintext} with the same information as $plaintext as -described in L. +described in Encrypt(). foreach my $rec (@{ $pdb->{records} }) { my $plaintext = $pdb->Decrypt($rec); @@ -1668,7 +1672,7 @@ Unsets $rec->{plaintext} for all records and unsets the saved password. -This does NOT L any of the records before clearing them, so if +This does NOT Encrypt() any of the records before clearing them, so if you are not careful you will lose information. B This only does "delete $rec->{plaintext}" and the same for the 
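Review bot: The reworded sentence in the hunk at -1575 says the account name is in `$rec->{plaintext}->{0}->{data}` "even when the record has not been Decrypt()ed", which implies the name is readable without the password, but the POD never states that consequence. I would add one sentence after it, for example `The account name is not protected by the password, so do not put secrets in it.` It would also help to say whether Lock() removes this entry along with the rest of `$rec->{plaintext}`, since the Lock() text in the hunk at -1668 describes a plain delete and that part of the code is not visible here.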
@@ -1774,15 +1778,17 @@ I am not sure I am 'require module' the best way, but I don't want to depend on modules that you don't need to use. -I am not very happy with the data structures used by Encrypt() and -Decrypt() for v5 databases, but I am not sure of a better way. - The date validation for packing new dates is very poor. I have not gone through and standardized on how the module fails. Some things fail with croak, some return undef, some may even fail silently. -Nothing initializes a lasterr method or anything like that. I need -to fix all that before it is a 1.0 candidate. +Nothing initializes a lasterr method or anything like that. + +This module does not do anything special with the plaintext data. It SHOULD +treat it somehow special so that it can't be found in RAM or in a swap file +anywhere. I don't have a clue how to do this. + +I need to fix all this before it is a 1.0 candidate. Please report any bugs or feature requests to C, or through the web interface at