DESCRIPTION
    The Keyring PDB handler is a helper class for the Palm::PDB package. It
    parses Keyring for Palm OS databases. See
    <http://gnukeyring.sourceforge.net/>.

    It has the standard Palm::PDB methods with 4 additional public methods.
    Unlock, Lock, Decrypt and Encrypt.

    It currently supports the v4 Keyring databases as well as the
    pre-release v5 databases.

SYNOPSIS
        use Palm::PDB;
        use Palm::Keyring;
    
        my $pass = 'password';
        my $file = 'Keys-Gtkr.pdb';
        my $pdb  = new Palm::PDB;
        $pdb->Load($file);
    
        $pdb->Unlock($pass);
        foreach my $rec (@{ $pdb->{records} }) {
            print $rec->{plaintext}->{0}->{data}, ' - ', 
                  $rec->{plaintext}->{1}->{data}, "\n";
        }
        $pdb->Lock();

SUBROUTINES/METHODS
  new
        $pdb = new Palm::Keyring([$password[, $version]]);

    Create a new PDB, initialized with the various Palm::Keyring fields and
    an empty record list.

    Use this method if you're creating a Keyring PDB from scratch otherwise
    you can just use Palm::PDB::new() before calling Load().

    If you pass in a password, it will initalize the database with the
    encrypted password.

    new() now also takes options in other formats

        $pdb = new Palm::Keyring({ key1 => value1,  key2 => value2 });
        $pdb = new Palm::Keyring( -key1 => value1, -key2 => value2);

    Supported options

        password
            The password used to initialize the database

        version
            The version of database to create. Accepts either 4 or 5.
            Currently defaults to 4.

        cipher
            The cipher to use. Either the number or the name. Only used by
            v5 datbases.

                0 => None
                1 => DES_EDE3
                2 => AES128
                3 => AES256

        iterations
            The number of iterations to encrypt with. Only used by somy
            crypts in v5 databases.

    For v5 databases there are some additional appinfo fields set. These are
    set either on new() or Load().

        $pdb->{appinfo} = {
            # normal appinfo stuff described in L<Palm::StdAppInfo>
            cipher     => The index number of the cipher being used
            iter       => Number of iterations for the cipher
        };

  crypts
    Pass in the alias of the crypt to use, or the index.

    These only make sense for v5 databases.

    This is a function, not a method.

    $cipher can be 0, 1, 2, 3, None, DES_EDE3, AES128 or AES256.

        my $c = Palm::Keyring::crypt($cipher);

    $c is now:

        $c = {
            alias     => (None|DES_EDE3|AES128|AES256),
            name      => (None|DES_EDE3|Rijndael),
            keylen    => <key length of the cipher>,
            blocksize => <block size of the cipher>,
            default_iter => <default iterations for the cipher>,
        };

    If it is unable to find the crypt it will return undef.

  labels
    Pass in the id or the name of the label. The label id is used as a key
    to the different parts of the records. See Encrypt() for details on
    where the label is used.

    This is a function, not a method.

        my $l = Palm::Keyring::labels($label);

    $l is now:

        $l = {
            id => 0,
            name => 'name',
        };

    If what you passed in was a number that doesn't have a name, it will
    return:

        $l => {
            id => $num_passed_in,
            name => undef,
        }

    If you pass in a name that it can't find, then it returns undef.

  Encrypt
   !!! IMPORTANT !!!  The order of the arguments to Encrypt has
changed.  $password and $plaintext used to be swapped.  They changed
because you can now set $rec->{plaintext} and not pass in $plaintext so
$password is more important.
        $pdb->Encrypt($rec[, $password[, $plaintext[, $ivec]]]);

    Encrypts an account into a record, either with the password previously
    used, or with a password that is passed.

    $ivec is the initialization vector to use to encrypt the record. This is
    not used by v4 databases. Normally this is not passed and is generated
    randomly.

    $rec is a record from $pdb->{records} or a new_Record().
    $rec->{plaintext} is a hashref in the format below.

        $plaintext = {
            0 => {
                label    => 'name',
                label_id => 0,
                font     => 0,
                data     => $name,
            1 => {
                label    => 'account',
                label_id => 1,
                font     => 0,
                data     => $account,
            },
            2 => {
                label    => 'password',
                label_id => 2,
                font     => 0,
                data     => $password,
            },
            3 => {
                label    => 'lastchange',
                label_id => 3,
                font     => 0,
                data     => {
                    year => $year, # usually the year - 1900
                    mon  => $mon,  # range 0-11
                    day  => $day,  # range 1-31
                },
            },
            255 => {
                label    => 'notes',
                label_id => 255,
                font     => 0,
                data     => $notes,
            },
        };

    The account name is stored in $rec->{plaintext}->{0}->{data} for both v4
    and v5 databases even when the record has not been Decrypt()ed.

        $rec->{plaintext}->{0} => {
            label    => 'name',
            label_id => 0,
            font     => 0,
            data     => 'account name',
        };

    If you have changed anything other than the lastchange, or don't pass in
    a lastchange key, Encrypt() will generate a new lastchange date for you.

    If you pass in a lastchange field that is different than the one in the
    record, it will honor what you passed in.

    You can either set $rec->{plaintext} or pass in $plaintext. $plaintext
    is used over anything in $rec->{plaintext}.

  Decrypt
        my $plaintext = $pdb->Decrypt($rec[, $password]);

    Decrypts the record and returns a reference for the plaintext account as
    described under Encrypt(). Also sets $rec->{plaintext} with the same
    information as $plaintext as described in Encrypt().

        foreach my $rec (@{ $pdb->{records} }) {
            my $plaintext = $pdb->Decrypt($rec);
            # do something with $plaintext
        }

  Password
        $pdb->Password([$password[, $new_password]]);

    Either sets the password to be used to crypt, or if you pass
    $new_password, changes the password on the database.

    If you have created a new $pdb, and you didn't set a password when you
    called new(), you only need to pass one password and it will set that as
    the password.

    If nothing is passed, it forgets the password that it was remembering.

    After a successful password verification the following fields are set

    For v4

        $pdb->{digest}   = the calculated digest used from the key;
        $pdb->{password} = the password that was passed in;
        $pdb->{encpassword} = the password as stored in the pdb;

    For v5

        $pdb->{appinfo} = {
            # As described under new() with these additional fields
            cipher     => The index number of the cipher being used
            iter       => Number of iterations for the cipher
            key        => The key that is calculated from the password 
                          and salt and is used to decrypt the records.
            masterhash => the hash of the key that is stored in the 
                          database.  Either set when Loading the database
                          or when setting a new password.
            salt       => the salt that is either read out of the database 
                          or calculated when setting a new password.
        };

  Unlock
        $pdb->Unlock([$password]);

    Decrypts all the records. Sets $rec->{plaintext} for all records.

    This makes it easy to show all decrypted information.

       my $pdb = Palm::KeyRing->new();
       $pdb->Load($keyring_file);
       $pdb->Unlock($password);
       foreach my $plaintext (map { $_->{plaintext} } @{ $pdb->{records} }) {
           # Do something like display the account.
       }
       $pdb->Lock();

  Lock
        $pdb->Lock();

    Unsets $rec->{plaintext} for all records and unsets the saved password.

    This does NOT Encrypt() any of the records before clearing them, so if
    you are not careful you will lose information.

    CAVEAT! This only does "delete $rec->{plaintext}" and the same for the
    password. If someone knows of a cross platform reliable way to make sure
    that the information is actually cleared from memory I would appreciate
    it. Also, if someone knows how to make sure that the stuff in
    $rec->{plaintext} is not written to swap, that would be very handy as
    well.

  Other overridden subroutines/methods
    ParseAppInfoBlock
        Converts the extra returned by Palm::StdAppInfo::ParseAppInfoBlock()
        into the following additions to $pdb->{appinfo}

            $pdb->{appinfo} = {
                cipher     => The index number of the cipher being used (Not v4)
                iter       => Number of iterations for the cipher (Not v4)
            };

    PackAppInfoBlock
        Reverses ParseAppInfoBlock before sending it on to
        Palm::StdAppInfo::PackAppInfoBlock()

    ParseRecord
        Adds some fields to a record from Palm::StdAppInfo::ParseRecord()

            $rec = {
                name       => Account name
                ivec       => The IV for the encrypted record.  (Not v4)
                encrypted  => the encrypted information
            };

        For v4 databases it also removes record 0 and moves the encrypted
        password to $self->{encpassword}.

    PackRecord
        Reverses ParseRecord and then sends it through
        Palm::StdAppInfo::PackRecord()

    Write
        For v4 databases it puts back the record 0 for the encrypted
        password before writing it.

DEPENDENCIES
    Palm::StdAppInfo

    For v4 databases

    Digest::MD5

    Crypt::DES

    For v5 databases

    Digest::HMAC_SHA1

    Digest::SHA1

    Depending on how the database is encrypted

    Crypt::CBC - For any encryption but None

    Crypt::DES_EDE3 - DES_EDE3 encryption

    Crytp::Rijndael - AES encryption schemes

THANKS
    I would like to thank the helpful Perlmonk shigetsu who gave me some
    great advice and helped me get my first module posted.
    <http://perlmonks.org/?node_id=596998>

    I would also like to thank Johan Vromans <jvromans@squirrel.nl> --
    <http://www.squirrel.nl/people/jvromans>. He had his own Palm::KeyRing
    module that he posted a couple of days before mine was ready and he was
    kind enough to let me have the namespace as well as giving me some very
    helpful hints about doing a few things that I was unsure of. He is
    really great.

    And finally, thanks to Jochen Hoenicke <hoenicke@gmail.com> (one of the
    authors of Palm Keyring) for getting me started on the v5 support as
    well as providing help and some subroutines.

BUGS AND LIMITATIONS
    I am sure there are problems with this module. For example, I have not
    done very extensive testing of the v5 databases.

    I am not sure I am 'require module' the best way, but I don't want to
    depend on modules that you don't need to use.

    The date validation for packing new dates is very poor.

    I have not gone through and standardized on how the module fails. Some
    things fail with croak, some return undef, some may even fail silently.
    Nothing initializes a lasterr method or anything like that.

    This module does not do anything special with the plaintext data. It
    SHOULD treat it somehow special so that it can't be found in RAM or in a
    swap file anywhere. I don't have a clue how to do this.

    I need to fix all this before it is a 1.0 candidate.

    Please report any bugs or feature requests to "bug-palm-keyring at
    rt.cpan.org", or through the web interface at <http://rt.cpan.org>. I
    will be notified, and then you'll automatically be notified of progress
    on your bug as I make changes.

AUTHOR
    Andrew Fresh <andrew@cpan.org>

LICENSE AND COPYRIGHT
    Copyright 2004, 2005, 2006, 2007 Andrew Fresh, All Rights Reserved.

    This program is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.

SEE ALSO
    Palm::PDB(3)

    Palm::StdAppInfo(3)

    The Keyring for Palm OS website: <http://gnukeyring.sourceforge.net/>

    The HACKING guide for palm keyring databases:
    <http://gnukeyring.cvs.sourceforge.net/*checkout*/gnukeyring/keyring/HAC
    KING>

    Johan Vromans also has a wxkeyring app that now uses this module,
    available from his website at
    <http://www.vromans.org/johan/software/sw_palmkeyring.html>

