
detach keysig generation from pub key export, so that an existing
keysig can be verified later.

key++: normalize id and lc()

allow signing using an alternate secret key, like in pcpdecrypt()

malloc() new pointers in functions only if not NULL, e.g. pcp_gennonce()

check pub key count in pcp.c before calling verify signature, croak if count==0

vault checksum: add keysigs as well

Add newlines to headers in define.h, so strlen() later catches the whole length.

Check is_utf8 license.
  also found in https://gd.meizo.com/_files/lpc/ext/utf8.c

c++ destructor double free mess

