moving structs relevant for signatures into taler_signatures.h, splitting of private keys that are not in messages; moving test_hash_context to GNUnet

2015-01-09 18:18:59 +01:00 · 2015-01-09 18:18:59 +01:00 · 0430d6fb03
commit 0430d6fb03
parent f5e49d926a
25 changed files with 390 additions and 402 deletions
--- a/14
+++ b/14
@ -0,0 +1,14 @@
 Project structure is currently as follows:
 src/include/
  -- installed headers for public APIs
 src/util/
  -- common utility functions (to be ideally eliminated)
 src/mint/
  -- taler mint server and helper binaries
 src/lib/
  -- libtalermint: C API to issue HTTP requests to mint, including testcases
--- a/configure.ac
+++ b/configure.ac
@ -152,5 +152,6 @@ AC_CONFIG_FILES([Makefile
                 src/include/Makefile
                 src/util/Makefile
                 src/mint/Makefile
                 src/lib/Makefile
                 ])
 AC_OUTPUT
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -1,2 +1,2 @@
 AM_CPPFLAGS = -I$(top_srcdir)/src/include
-SUBDIRS = include util mint 
+SUBDIRS = include util mint lib
--- a/src/include/Makefile.am
+++ b/src/include/Makefile.am
@ -7,5 +7,4 @@ talerinclude_HEADERS = \
  taler_mint_service.h \
  taler_rsa.h \
  taler_signatures.h \
  taler_types.h \
  taler_util.h
--- a/src/include/taler_mint_service.h
+++ b/src/include/taler_mint_service.h
@ -3,23 +3,21 @@
  (C) 2014 Christian Grothoff (and other contributing authors)
  TALER is free software; you can redistribute it and/or modify it under the
-  terms of the GNU General Public License as published by the Free Software
+  terms of the GNU Affero General Public License as published by the Free Software
  Foundation; either version 3, or (at your option) any later version.
  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
-  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+  A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
-  You should have received a copy of the GNU General Public License along with
+  You should have received a copy of the GNU Affero General Public License along with
  TALER; see the file COPYING.  If not, If not, see <http://www.gnu.org/licenses/>
 */
 /**
 * @file include/taler_mint_service.h
- * @brief C interface to the mint's HTTP API
+ * @brief C interface of libtalermint, a C library to use mint's HTTP API
- * @author Sree Harsha Totakura <sreeharsha@totakura.in> 
+ * @author Sree Harsha Totakura <sreeharsha@totakura.in>
 */
 #ifndef _TALER_MINT_SERVICE_H
 #define _TALER_MINT_SERVICE_H
@ -166,8 +164,9 @@ struct TALER_MINT_KeysGetHandle;
 * @param emsg if the asynchronous call could not be completed due to an error,
 *        this parameter contains a human readable error message
 */
-typedef void (*TALER_MINT_ContinuationCallback) (void *cls,
+typedef void
-                                                 const char *emsg);
+(*TALER_MINT_ContinuationCallback) (void *cls,
                                    const char *emsg);
 /**
 * Functions of this type are called to provide the retrieved signing and
@ -180,9 +179,10 @@ typedef void (*TALER_MINT_ContinuationCallback) (void *cls,
 * @param denom_keys NULL-terminated array of pointers to the mint's
 *          denomination keys; will be NULL if no signing keys are retrieved.
 */
-typedef void (*TALER_MINT_KeysGetCallback) (void *cls,
+typedef void
-                                           struct TALER_MINT_SigningPublicKey **sign_keys,
+(*TALER_MINT_KeysGetCallback) (void *cls,
-                                           struct TALER_MINT_DenomPublicKey **denom_keys);
+                               struct TALER_MINT_SigningPublicKey **sign_keys,
                               struct TALER_MINT_DenomPublicKey **denom_keys);
 /**
@ -190,15 +190,18 @@ typedef void (*TALER_MINT_KeysGetCallback) (void *cls,
 *
 * @param mint handle to the mint
 * @param cb the callback to call with the keys
- * @param cls closure for the above callback
+ * @param cb_cls closure for the @a cb callback
 * @param cont_cb the callback to call after completing this asynchronous call
- * @param cont_cls the closure for the continuation callback
+ * @param cont_cls the closure for the @a cont_cb callback
 * @return a handle to this asynchronous call; NULL upon eror
 */
 struct TALER_MINT_KeysGetHandle *
 TALER_MINT_keys_get (struct TALER_MINT_Handle *mint,
-                     TALER_MINT_KeysGetCallback cb, void *cls,
+                     TALER_MINT_KeysGetCallback cb,
-                     TALER_MINT_ContinuationCallback cont_cb, void *cont_cls);
+                     void *cb_cls,
                     TALER_MINT_ContinuationCallback cont_cb,
                     void *cont_cls);
 /**
 * Cancel the asynchronous call initiated by TALER_MINT_keys_get().  This should
@ -229,10 +232,12 @@ struct TALER_MINT_DepositHandle;
 * @param emsg in case of unsuccessful deposit, this contains a human readable
 *        explanation.
 */
-typedef void (*TALER_MINT_DepositResultCallback) (void *cls,
+typedef void
-                                                  int status,
+(*TALER_MINT_DepositResultCallback) (void *cls,
-                                                  json_t *obj,
+                                     int status,
-                                                  char *emsg);
+                                     json_t *obj,
                                     char *emsg);
 /**
 * Submit a deposit permission to the mint and get the mint's response
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@ -13,18 +13,25 @@
  You should have received a copy of the GNU General Public License along with
  TALER; see the file COPYING.  If not, If not, see <http://www.gnu.org/licenses/>
 */
 /**
- * @file taler-mint-keyup.c
+ * @file taler_signatures.h
- * @brief Update the mint's keys for coins and signatures,
+ * @brief message formats and signature constants used to define
- *        using the mint's offline master key.
+ *        the binary formats of signatures in Taler
 * @author Florian Dold
 * @author Benedikt Mueller
 *
 * This file should define the constants and C structs that one
 * needs to know to implement Taler clients (wallets or merchants)
 * that need to produce or verify Taler signatures.
 */
 #ifndef TALER_SIGNATURES_H
 #define TALER_SIGNATURES_H
 #include <gnunet/gnunet_util_lib.h>
 #include "taler_rsa.h"
 /**
 * Purpose for signing public keys signed
 * by the mint master key.
@ -102,5 +109,133 @@
 */
 #define TALER_SIGNATURE_INCREMENTAL_DEPOSIT 202
 GNUNET_NETWORK_STRUCT_BEGIN
 /**
 * Request to withdraw coins from a reserve.
 */
 struct TALER_WithdrawRequest
 {
  /**
   * Signature over the rest of the message
   * by the withdraw public key.
   */
  struct GNUNET_CRYPTO_EddsaSignature sig;
  /**
   * Purpose must be #TALER_SIGNATURE_WITHDRAW.
   */
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  /**
   * Reserve public key.
   */
  struct GNUNET_CRYPTO_EddsaPublicKey reserve_pub;
  /**
   * Denomination public key for the coin that is withdrawn.
   * FIXME: change to the hash of the public key (so this
   * is fixed-size).
   */
  struct TALER_RSA_PublicKeyBinaryEncoded denomination_pub;
  /**
   * Purpose containing coin's blinded public key.
   *
   * FIXME: this should be explicitly a variable-size field with the
   * (blinded) message to be signed by the Mint.
   */
  struct TALER_RSA_BlindedSignaturePurpose coin_envelope;
 };
 /**
 * FIXME
 */
 struct TALER_MINT_SignKeyIssue
 {
  struct GNUNET_CRYPTO_EddsaSignature signature;
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_CRYPTO_EddsaPublicKey master_pub;
  struct GNUNET_TIME_AbsoluteNBO start;
  struct GNUNET_TIME_AbsoluteNBO expire;
  struct GNUNET_CRYPTO_EddsaPublicKey signkey_pub;
 };
 /**
 * FIXME
 */
 struct TALER_MINT_DenomKeyIssue
 {
  struct GNUNET_CRYPTO_EddsaSignature signature;
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_CRYPTO_EddsaPublicKey master;
  struct GNUNET_TIME_AbsoluteNBO start;
  struct GNUNET_TIME_AbsoluteNBO expire_withdraw;
  struct GNUNET_TIME_AbsoluteNBO expire_spend;
  struct TALER_RSA_PublicKeyBinaryEncoded denom_pub;
  struct TALER_AmountNBO value;
  struct TALER_AmountNBO fee_withdraw;
  struct TALER_AmountNBO fee_deposit;
  struct TALER_AmountNBO fee_refresh;
 };
 /**
 * FIXME
 */
 struct RefreshMeltSignatureBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_HashCode melt_hash;
 };
 /**
 * FIXME
 */
 struct RefreshCommitSignatureBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_HashCode commit_hash;
 };
 /**
 * FIXME
 */
 struct RefreshCommitResponseSignatureBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  uint16_t noreveal_index;
 };
 /**
 * FIXME
 */
 struct RefreshMeltResponseSignatureBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_HashCode melt_response_hash;
 };
 /**
 * FIXME
 */
 struct RefreshMeltConfirmSignRequestBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_CRYPTO_EddsaPublicKey session_pub;
 };
 GNUNET_NETWORK_STRUCT_END
 #endif
--- a/src/include/taler_types.h
+++ b/src/include/taler_types.h
@ -1,120 +0,0 @@
 /**
 * @file include/types.h
 * @brief This files defines the various data and message types in TALER.
 * @author Sree Harsha Totakura <sreeharsha@totakura.in>
 * @author Florian Dold
 */
 #ifndef TYPES_H_
 #define TYPES_H_
 #include "taler_rsa.h"
 /**
 * Public information about a coin.
 */
 struct TALER_CoinPublicInfo
 {
  /**
   * The coin's public key.
   */
  struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
  /*
   * The public key signifying the coin's denomination.
   */
  struct TALER_RSA_PublicKeyBinaryEncoded denom_pub;
  /**
   * Signature over coin_pub by denom_pub.
   */
  struct TALER_RSA_Signature denom_sig;
 };
 /**
 * Request to withdraw coins from a reserve.
 */
 struct TALER_WithdrawRequest
 {
  /**
   * Signature over the rest of the message
   * by the withdraw public key.
   */
  struct GNUNET_CRYPTO_EddsaSignature sig;
  /**
   * Purpose must be TALER_SIGNATURE_WITHDRAW.
   */
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  /**
   * Reserve public key.
   */
  struct GNUNET_CRYPTO_EddsaPublicKey reserve_pub;
  /**
   * Denomination public key for the coin that is withdrawn.
   */
  struct TALER_RSA_PublicKeyBinaryEncoded denomination_pub;
  /**
   * Purpose containing coin's blinded public key.
   */
  struct TALER_RSA_BlindedSignaturePurpose coin_envelope;
 };
 /**
 * Data type for messages
 */
 struct TALER_MessageHeader
 {
  /**
   * The type of the message in Network-byte order (NBO)
   */
  uint16_t type;
  /**
   * The size of the message in NBO
   */
  uint16_t size;
 };
 /*****************/
 /* Message types */
 /*****************/
 /**
 * The message type of a blind signature
 */
 #define TALER_MSG_TYPE_BLINDED_SIGNATURE  1
 /**
 * The message type of a blinded message
 */
 #define TALER_MSG_TYPE_BLINDED_MESSAGE 2
 /**
 * The message type of an unblinded signature
 * @FIXME: Not currently used
 */
 #define TALER_MSG_TYPE_UNBLINDED_SIGNATURE 3
 /**
 * The type of a blinding residue message
 * @FIXME: Not currently used
 */
 #define TALER_MSG_TYPE_BLINDING_RESIDUE 4
 /**
 * The type of a message containing the blinding factor
 */
 #define TALER_MSG_TYPE_BLINDING_FACTOR 5
 #endif  /* TYPES_H_ */
 /* end of include/types.h */
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@ -0,0 +1,34 @@
 AM_CPPFLAGS = -I$(top_srcdir)/src/include $(POSTGRESQL_CPPFLAGS)
 lib_LTLIBRARIES = \
  libtalermint.la
 libtalermint_la_LDFLAGS = \
  $(POSTGRESQL_LDFLAGS) \
  -version-info 0:0:0 \
  -no-undefined
 libtalermint_la_SOURCES = \
  mint_api.c
 libtalermint_la_LIBADD = \
  -lgnunetutil \
  -ljansson \
  -lcurl
 libtalermint_la_LDFLAGS = \
  -version-info 0:0:0 \
  -no-undefined
 check_PROGRAMS = \
  test_mint_api
 test_mint_api_SOURCES = \
  test_mint_api.c
 test_mint_api_LDADD = \
  libtalermint.la \
  $(LIBGCRYPT_LIBS) \
  $(top_builddir)/src/util/libtalerutil.la \
  -lgnunetutil \
  -ljansson
--- a/src/mint/mint_api.c
+++ b/src/mint/mint_api.c
@ -20,14 +20,13 @@
 * @brief Implementation of the client interface to mint's HTTP API
 * @author Sree Harsha Totakura <sreeharsha@totakura.in>
 */
 #include "platform.h"
 #include <curl/curl.h>
 #include <jansson.h>
 #include <gnunet/gnunet_util_lib.h>
 #include "taler_mint_service.h"
 #include "taler_signatures.h"
-#include "mint.h"
+
 #define CURL_STRERROR(TYPE, FUNCTION, CODE)      \
 GNUNET_log (TYPE, "cURL function `%s' has failed at `%s:%d' with error: %s", \
--- a/src/mint/test_mint_api.c
+++ b/src/mint/test_mint_api.c
@ -32,7 +32,7 @@ struct TALER_MINT_KeysGetHandle *dkey_get;
 struct TALER_MINT_DepositHandle *dh;
-static GNUNET_SCHEDULER_TaskIdentifier shutdown_task;
+static struct GNUNET_SCHEDULER_Task *shutdown_task;
 static int result;
@ -40,7 +40,7 @@ static int result;
 static void
 do_shutdown (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 {
-  shutdown_task = GNUNET_SCHEDULER_NO_TASK;
+  shutdown_task = NULL;
  if (NULL != dkey_get)
    TALER_MINT_keys_get_cancel (dkey_get);
  dkey_get = NULL;
--- a/src/mint/Makefile.am
+++ b/src/mint/Makefile.am
@ -1,35 +1,22 @@
 AM_CPPFLAGS = -I$(top_srcdir)/src/include $(POSTGRESQL_CPPFLAGS)
 lib_LTLIBRARIES = \
-  libtalermint.la \
+  libtalermint_common.la
  libtalermintapi.la
-libtalermint_la_SOURCES = \
+libtalermint_common_la_SOURCES = \
  mint_common.c \
  mint_db.c
-libtalermint_la_LIBADD = \
+libtalermint_common_la_LIBADD = \
  $(top_builddir)/src/util/libtalerutil.la \
  -lgnunetutil \
  -lpq
-libtalermint_la_LDFLAGS = \
+libtalermint_common_la_LDFLAGS = \
  $(POSTGRESQL_LDFLAGS) \
  -version-info 0:0:0 \
  -no-undefined
 libtalermintapi_la_SOURCES = \
  mint_api.c
 libtalermintapi_la_LIBADD = \
  -lgnunetutil \
  -ljansson \
  -lcurl
 libtalermintapi_la_LDFLAGS = \
  -version-info 0:0:0 \
  -no-undefined
 bin_PROGRAMS = \
  taler-mint-keyup \
@ -44,7 +31,7 @@ taler_mint_keyup_SOURCES = \
 taler_mint_keyup_LDADD = \
  $(LIBGCRYPT_LIBS) \
  $(top_builddir)/src/util/libtalerutil.la \
-  $(top_builddir)/src/mint/libtalermint.la \
+  $(top_builddir)/src/mint/libtalermint_common.la \
  -lpq \
  -lgnunetutil
 taler_mint_keyup_LDFLAGS = $(POSTGRESQL_LDFLAGS)
@ -56,7 +43,7 @@ taler_mint_keycheck_SOURCES = \
 taler_mint_keycheck_LDADD = \
  $(LIBGCRYPT_LIBS) \
  $(top_builddir)/src/util/libtalerutil.la \
-  $(top_builddir)/src/mint/libtalermint.la \
+  $(top_builddir)/src/mint/libtalermint_common.la \
  -lgnunetutil \
  -lpq
 taler_mint_keycheck_LDFLAGS = $(POSTGRESQL_LDFLAGS)
@ -66,7 +53,7 @@ taler_mint_reservemod_SOURCES = \
 taler_mint_reservemod_LDADD = \
  $(LIBGCRYPT_LIBS) \
  $(top_builddir)/src/util/libtalerutil.la \
-  $(top_builddir)/src/mint/libtalermint.la \
+  $(top_builddir)/src/mint/libtalermint_common.la \
  -lpq \
  -lgnunetutil
 taler_mint_reservemod_LDFLAGS = \
@ -83,7 +70,7 @@ taler_mint_httpd_SOURCES = \
 taler_mint_httpd_LDADD = \
  $(LIBGCRYPT_LIBS) \
  $(top_builddir)/src/util/libtalerutil.la \
-  $(top_builddir)/src/mint/libtalermint.la \
+  $(top_builddir)/src/mint/libtalermint_common.la \
  -lpq \
  -lmicrohttpd \
  -ljansson \
@ -98,28 +85,19 @@ taler_mint_dbinit_SOURCES = \
 taler_mint_dbinit_LDADD = \
  $(LIBGCRYPT_LIBS) \
  $(top_builddir)/src/util/libtalerutil.la \
-  $(top_builddir)/src/mint/libtalermint.la \
+  $(top_builddir)/src/mint/libtalermint_common.la \
  -lpq \
  -lgnunetutil
 taler_mint_dbinit_LDFLAGS = $(POSTGRESQL_LDFLAGS)
 check_PROGRAMS = \
  test-mint-api \
  test-mint-deposits \
  test-mint-common
 test_mint_api_SOURCES = test_mint_api.c
 test_mint_api_LDADD = \
  libtalermintapi.la \
  $(LIBGCRYPT_LIBS) \
  $(top_builddir)/src/util/libtalerutil.la \
  -lgnunetutil \
  -ljansson
 test_mint_deposits_SOURCES = \
  test_mint_deposits.c
 test_mint_deposits_LDADD = \
-  libtalermint.la \
+  libtalermint_common.la \
  $(top_srcdir)/src/util/libtalerutil.la \
  -lgnunetutil \
  -lpq
@ -127,6 +105,6 @@ test_mint_deposits_LDADD = \
 test_mint_common_SOURCES = \
  test_mint_common.c
 test_mint_common_LDADD = \
-  libtalermint.la \
+  libtalermint_common.la \
  $(top_srcdir)/src/util/libtalerutil.la \
  -lgnunetutil
--- a/src/mint/mint.h
+++ b/src/mint/mint.h
@ -29,82 +29,38 @@
 #include <libpq-fe.h>
 #include "taler_util.h"
 #include "taler_rsa.h"
 #include "taler_signatures.h"
 #define DIR_SIGNKEYS "signkeys"
 #define DIR_DENOMKEYS "denomkeys"
 GNUNET_NETWORK_STRUCT_BEGIN
 /**
- * FIXME
+ * On disk format used for a mint signing key.
 * Includes the private key followed by the signed
 * issue message.
 */
-struct TALER_MINT_SignKeyIssue
+struct TALER_MINT_SignKeyIssuePriv
 {
  struct GNUNET_CRYPTO_EddsaPrivateKey signkey_priv;
-  struct GNUNET_CRYPTO_EddsaSignature signature;
+  struct TALER_MINT_SignKeyIssue issue;
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_CRYPTO_EddsaPublicKey master_pub;
  struct GNUNET_TIME_AbsoluteNBO start;
  struct GNUNET_TIME_AbsoluteNBO expire;
  struct GNUNET_CRYPTO_EddsaPublicKey signkey_pub;
 };
-struct TALER_MINT_DenomKeyIssue
+
 struct TALER_MINT_DenomKeyIssuePriv
 {
  /**
   * The private key of the denomination.  Will be NULL if the private key is
   * not available.
   */
  struct TALER_RSA_PrivateKey *denom_priv;
-  struct GNUNET_CRYPTO_EddsaSignature signature;
+  struct TALER_MINT_DenomKeyIssue issue;
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_CRYPTO_EddsaPublicKey master;
  struct GNUNET_TIME_AbsoluteNBO start;
  struct GNUNET_TIME_AbsoluteNBO expire_withdraw;
  struct GNUNET_TIME_AbsoluteNBO expire_spend;
  struct TALER_RSA_PublicKeyBinaryEncoded denom_pub;
  struct TALER_AmountNBO value;
  struct TALER_AmountNBO fee_withdraw;
  struct TALER_AmountNBO fee_deposit;
  struct TALER_AmountNBO fee_refresh;
 };
 struct RefreshMeltSignatureBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_HashCode melt_hash;
 };
 struct RefreshCommitSignatureBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_HashCode commit_hash;
 };
 struct RefreshCommitResponseSignatureBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  uint16_t noreveal_index;
 };
 struct RefreshMeltResponseSignatureBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_HashCode melt_response_hash;
 };
 struct RefreshMeltConfirmSignRequestBody
 {
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
  struct GNUNET_CRYPTO_EddsaPublicKey session_pub;
 };
 GNUNET_NETWORK_STRUCT_END
 /**
@ -116,8 +72,9 @@ GNUNET_NETWORK_STRUCT_END
 *  #GNUNET_NO to stop iteration with no error,
 *  #GNUNET_SYSERR to abort iteration with error!
 */
-typedef int (*TALER_MINT_SignkeyIterator)(void *cls,
+typedef int
-                                          const struct TALER_MINT_SignKeyIssue *ski);
+(*TALER_MINT_SignkeyIterator)(void *cls,
                              const struct TALER_MINT_SignKeyIssuePriv *ski);
 /**
 * Iterator for denomination keys.
@ -129,9 +86,10 @@ typedef int (*TALER_MINT_SignkeyIterator)(void *cls,
 *  #GNUNET_NO to stop iteration with no error,
 *  #GNUNET_SYSERR to abort iteration with error!
 */
-typedef int (*TALER_MINT_DenomkeyIterator)(void *cls,
+typedef int
-                                           const char *alias,
+(*TALER_MINT_DenomkeyIterator)(void *cls,
-                                           const struct TALER_MINT_DenomKeyIssue *dki);
+                               const char *alias,
                               const struct TALER_MINT_DenomKeyIssuePriv *dki);
@ -160,7 +118,7 @@ TALER_MINT_denomkeys_iterate (const char *mint_base_dir,
 */
 int
 TALER_MINT_write_denom_key (const char *filename,
-                            const struct TALER_MINT_DenomKeyIssue *dki);
+                            const struct TALER_MINT_DenomKeyIssuePriv *dki);
 /**
@ -172,7 +130,7 @@ TALER_MINT_write_denom_key (const char *filename,
 */
 int
 TALER_MINT_read_denom_key (const char *filename,
-                           struct TALER_MINT_DenomKeyIssue *dki);
+                           struct TALER_MINT_DenomKeyIssuePriv *dki);
 /**
--- a/src/mint/mint_common.c
+++ b/src/mint/mint_common.c
@ -47,11 +47,12 @@ signkeys_iterate_dir_iter (void *cls,
  struct SignkeysIterateContext *skc = cls;
  ssize_t nread;
-  struct TALER_MINT_SignKeyIssue issue;
+  struct TALER_MINT_SignKeyIssuePriv issue;
  nread = GNUNET_DISK_fn_read (filename,
                               &issue,
-                               sizeof (struct TALER_MINT_SignKeyIssue));
+                               sizeof (struct TALER_MINT_SignKeyIssuePriv));
-  if (nread != sizeof (struct TALER_MINT_SignKeyIssue))
+  if (nread != sizeof (struct TALER_MINT_SignKeyIssuePriv))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid signkey file: '%s'\n", filename);
    return GNUNET_OK;
@ -87,7 +88,7 @@ TALER_MINT_signkeys_iterate (const char *mint_base_dir,
 */
 int
 TALER_MINT_read_denom_key (const char *filename,
-                           struct TALER_MINT_DenomKeyIssue *dki)
+                           struct TALER_MINT_DenomKeyIssuePriv *dki)
 {
  uint64_t size;
  size_t offset;
@ -97,8 +98,8 @@ TALER_MINT_read_denom_key (const char *filename,
  ret = GNUNET_SYSERR;
  data = NULL;
-  offset = sizeof (struct TALER_MINT_DenomKeyIssue)
+  offset = sizeof (struct TALER_MINT_DenomKeyIssuePriv)
-      - offsetof (struct TALER_MINT_DenomKeyIssue, signature);
+      - offsetof (struct TALER_MINT_DenomKeyIssuePriv, issue.signature);
  if (GNUNET_OK != GNUNET_DISK_file_size (filename,
                                          &size,
                                          GNUNET_YES,
@ -117,7 +118,7 @@ TALER_MINT_read_denom_key (const char *filename,
  if (NULL == (priv = TALER_RSA_decode_key (data + offset, size - offset)))
    goto cleanup;
  dki->denom_priv = priv;
-  (void) memcpy (&dki->signature, data, offset);
+  memcpy (&dki->issue.signature, data, offset);
  ret = GNUNET_OK;
 cleanup:
@ -135,7 +136,7 @@ TALER_MINT_read_denom_key (const char *filename,
 */
 int
 TALER_MINT_write_denom_key (const char *filename,
-                            const struct TALER_MINT_DenomKeyIssue *dki)
+                            const struct TALER_MINT_DenomKeyIssuePriv *dki)
 {
  struct TALER_RSA_PrivateKeyBinaryEncoded *priv_enc;
  struct GNUNET_DISK_FileHandle *fh;
@ -153,10 +154,10 @@ TALER_MINT_write_denom_key (const char *filename,
    goto cleanup;
  if (NULL == (priv_enc = TALER_RSA_encode_key (dki->denom_priv)))
    goto cleanup;
-  wsize = sizeof (struct TALER_MINT_DenomKeyIssue)
+  wsize = sizeof (struct TALER_MINT_DenomKeyIssuePriv)
-      - offsetof (struct TALER_MINT_DenomKeyIssue, signature);
+      - offsetof (struct TALER_MINT_DenomKeyIssuePriv, issue.signature);
  if (GNUNET_SYSERR == (wrote = GNUNET_DISK_file_write (fh,
-                                                        &dki->signature,
+                                                        &dki->issue.signature,
                                                        wsize)))
    goto cleanup;
  if (wrote != wsize)
@ -183,11 +184,13 @@ denomkeys_iterate_keydir_iter (void *cls,
 {
  struct DenomkeysIterateContext *dic = cls;
-  struct TALER_MINT_DenomKeyIssue issue;
+  struct TALER_MINT_DenomKeyIssuePriv issue;
  if (GNUNET_OK != TALER_MINT_read_denom_key (filename, &issue))
  {
-    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Invalid denomkey file: '%s'\n", filename);
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "Invalid denomkey file: '%s'\n",
                filename);
    return GNUNET_OK;
  }
  return dic->it (dic->it_cls, dic->alias, &issue);
--- a/src/mint/mint_db.h
+++ b/src/mint/mint_db.h
@ -26,10 +26,35 @@
 #include <libpq-fe.h>
 #include <gnunet/gnunet_util_lib.h>
 #include "taler_util.h"
 #include "taler_types.h"
 #include "taler_rsa.h"
 /**
 * Public information about a coin.
 */
 struct TALER_CoinPublicInfo
 {
  /**
   * The coin's public key.
   */
  struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
  /*
   * The public key signifying the coin's denomination.
   */
  struct TALER_RSA_PublicKeyBinaryEncoded denom_pub;
  /**
   * Signature over coin_pub by denom_pub.
   */
  struct TALER_RSA_Signature denom_sig;
 };
 /**
 * Reserve row.  Corresponds to table 'reserves' in
 * the mint's database.
--- a/src/mint/taler-mint-httpd.c
+++ b/src/mint/taler-mint-httpd.c
@ -29,7 +29,6 @@
 #include <pthread.h>
 #include "mint.h"
 #include "mint_db.h"
 #include "taler_types.h"
 #include "taler_signatures.h"
 #include "taler_rsa.h"
 #include "taler_json_lib.h"
--- a/src/mint/taler-mint-httpd_deposit.c
+++ b/src/mint/taler-mint-httpd_deposit.c
@ -28,7 +28,6 @@
 #include <pthread.h>
 #include "mint.h"
 #include "mint_db.h"
 #include "taler_types.h"
 #include "taler_signatures.h"
 #include "taler_rsa.h"
 #include "taler_json_lib.h"
--- a/src/mint/taler-mint-httpd_keys.c
+++ b/src/mint/taler-mint-httpd_keys.c
@ -28,7 +28,6 @@
 #include <pthread.h>
 #include "mint.h"
 #include "mint_db.h"
 #include "taler_types.h"
 #include "taler_signatures.h"
 #include "taler_rsa.h"
 #include "taler_json_lib.h"
@ -145,7 +144,7 @@ TALER_MINT_conf_duration_provide ()
 static int
 reload_keys_denom_iter (void *cls,
                        const char *alias,
-                        const struct TALER_MINT_DenomKeyIssue *dki)
+                        const struct TALER_MINT_DenomKeyIssuePriv *dki)
 {
  struct MintKeyState *ctx = cls;
  struct GNUNET_TIME_Absolute stamp_provide;
@ -155,28 +154,30 @@ reload_keys_denom_iter (void *cls,
  stamp_provide = GNUNET_TIME_absolute_add (ctx->reload_time,
                                            TALER_MINT_conf_duration_provide ());
-  if (GNUNET_TIME_absolute_ntoh (dki->expire_spend).abs_value_us < ctx->reload_time.abs_value_us)
+  if (GNUNET_TIME_absolute_ntoh (dki->issue.expire_spend).abs_value_us < ctx->reload_time.abs_value_us)
  {
    // this key is expired
    return GNUNET_OK;
  }
-  if (GNUNET_TIME_absolute_ntoh (dki->start).abs_value_us > stamp_provide.abs_value_us)
+  if (GNUNET_TIME_absolute_ntoh (dki->issue.start).abs_value_us > stamp_provide.abs_value_us)
  {
    // we are to early for this key
    return GNUNET_OK;
  }
-  GNUNET_CRYPTO_hash (&dki->denom_pub, sizeof (struct GNUNET_CRYPTO_EddsaPublicKey), &denom_key_hash);
+  GNUNET_CRYPTO_hash (&dki->issue.denom_pub,
                      sizeof (struct GNUNET_CRYPTO_EddsaPublicKey),
                      &denom_key_hash);
  res = GNUNET_CONTAINER_multihashmap_put (ctx->denomkey_map,
                                           &denom_key_hash,
-                                           GNUNET_memdup (dki, sizeof (struct TALER_MINT_DenomKeyIssue)),
+                                           GNUNET_memdup (dki, sizeof (struct TALER_MINT_DenomKeyIssuePriv)),
                                           GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY);
  if (GNUNET_OK != res)
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING, "Duplicate denomination key\n");
  json_array_append_new (ctx->denom_keys_array,
-                         denom_key_issue_to_json (dki));
+                         denom_key_issue_to_json (&dki->issue));
  return GNUNET_OK;
 }
@ -193,20 +194,20 @@ reload_keys_denom_iter (void *cls,
 */
 static int
 reload_keys_sign_iter (void *cls,
-                       const struct TALER_MINT_SignKeyIssue *ski)
+                       const struct TALER_MINT_SignKeyIssuePriv *ski)
 {
  struct MintKeyState *ctx = cls;
  struct GNUNET_TIME_Absolute stamp_provide;
  stamp_provide = GNUNET_TIME_absolute_add (ctx->reload_time, TALER_MINT_conf_duration_provide (cfg));
-  if (GNUNET_TIME_absolute_ntoh (ski->expire).abs_value_us < ctx->reload_time.abs_value_us)
+  if (GNUNET_TIME_absolute_ntoh (ski->issue.expire).abs_value_us < ctx->reload_time.abs_value_us)
  {
    // this key is expired
    return GNUNET_OK;
  }
-  if (GNUNET_TIME_absolute_ntoh (ski->start).abs_value_us > stamp_provide.abs_value_us)
+  if (GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us > stamp_provide.abs_value_us)
  {
    // we are to early for this key
    return GNUNET_OK;
@ -214,16 +215,16 @@ reload_keys_sign_iter (void *cls,
  // the signkey is valid for now, check
  // if it's more recent than the current one!
-  if (GNUNET_TIME_absolute_ntoh (ctx->current_sign_key_issue.start).abs_value_us >
+  if (GNUNET_TIME_absolute_ntoh (ctx->current_sign_key_issue.issue.start).abs_value_us >
-      GNUNET_TIME_absolute_ntoh (ski->start).abs_value_us)
+      GNUNET_TIME_absolute_ntoh (ski->issue.start).abs_value_us)
    ctx->current_sign_key_issue = *ski;
  ctx->next_reload = GNUNET_TIME_absolute_min (ctx->next_reload,
-                                               GNUNET_TIME_absolute_ntoh (ski->expire));
+                                               GNUNET_TIME_absolute_ntoh (ski->issue.expire));
  json_array_append_new (ctx->sign_keys_array,
-                         sign_key_issue_to_json (ski));
+                         sign_key_issue_to_json (&ski->issue));
  return GNUNET_OK;
 }
@ -334,14 +335,16 @@ TALER_MINT_key_state_acquire (void)
 * @return the denomination key issue,
 *         or NULL if denom_pub could not be found
 */
-struct TALER_MINT_DenomKeyIssue *
+struct TALER_MINT_DenomKeyIssuePriv *
 TALER_MINT_get_denom_key (const struct MintKeyState *key_state,
                          const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub)
 {
-  struct TALER_MINT_DenomKeyIssue *issue;
+  struct TALER_MINT_DenomKeyIssuePriv *issue;
  struct GNUNET_HashCode hash;
-  GNUNET_CRYPTO_hash (denom_pub, sizeof (struct TALER_RSA_PublicKeyBinaryEncoded), &hash);
+  GNUNET_CRYPTO_hash (denom_pub,
                      sizeof (struct TALER_RSA_PublicKeyBinaryEncoded),
                      &hash);
  issue = GNUNET_CONTAINER_multihashmap_get (key_state->denomkey_map, &hash);
  return issue;
 }
@ -361,7 +364,7 @@ int
 TALER_MINT_test_coin_valid (const struct MintKeyState *key_state,
                            struct TALER_CoinPublicInfo *coin_public_info)
 {
-  struct TALER_MINT_DenomKeyIssue *dki;
+  struct TALER_MINT_DenomKeyIssuePriv *dki;
  dki = TALER_MINT_get_denom_key (key_state, &coin_public_info->denom_pub);
  if (NULL == dki)
@ -369,7 +372,7 @@ TALER_MINT_test_coin_valid (const struct MintKeyState *key_state,
  if (GNUNET_OK != TALER_RSA_verify (&coin_public_info->coin_pub,
                                     sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
                                     &coin_public_info->denom_sig,
-                                     &dki->denom_pub))
+                                     &dki->issue.denom_pub))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                "coin signature is invalid\n");
--- a/src/mint/taler-mint-httpd_keys.h
+++ b/src/mint/taler-mint-httpd_keys.h
@ -62,7 +62,7 @@ struct MintKeyState
  /**
   * Mint signing key that should be used currently.
   */
-  struct TALER_MINT_SignKeyIssue current_sign_key_issue;
+  struct TALER_MINT_SignKeyIssuePriv current_sign_key_issue;
  /**
   * Cached JSON text that the mint will send for
@ -105,7 +105,7 @@ TALER_MINT_key_state_acquire (void);
 * @return the denomination key issue,
 *         or NULL if denom_pub could not be found
 */
-struct TALER_MINT_DenomKeyIssue *
+struct TALER_MINT_DenomKeyIssuePriv *
 TALER_MINT_get_denom_key (const struct MintKeyState *key_state,
                          const struct TALER_RSA_PublicKeyBinaryEncoded *denom_pub);
--- a/src/mint/taler-mint-httpd_refresh.c
+++ b/src/mint/taler-mint-httpd_refresh.c
@ -28,7 +28,6 @@
 #include <pthread.h>
 #include "mint.h"
 #include "mint_db.h"
 #include "taler_types.h"
 #include "taler_signatures.h"
 #include "taler_rsa.h"
 #include "taler_json_lib.h"
@ -152,10 +151,11 @@ refresh_accept_denoms (struct MHD_Connection *connection,
    if (GNUNET_OK != res)
      return res;
-    dki = TALER_MINT_get_denom_key (key_state, &denom_pub);
+    dki = &(TALER_MINT_get_denom_key (key_state, &denom_pub)->issue);
    GNUNET_CRYPTO_hash_context_read (hash_context,
-                             &denom_pub, sizeof (struct TALER_RSA_PublicKeyBinaryEncoded));
+                                     &denom_pub,
                                     sizeof (struct TALER_RSA_PublicKeyBinaryEncoded));
    cost = TALER_amount_add (TALER_amount_ntoh (dki->value),
                             TALER_amount_ntoh (dki->fee_withdraw));
@ -353,7 +353,7 @@ refresh_accept_melts (struct MHD_Connection *connection,
    GNUNET_CRYPTO_hash_context_read (hash_context,
                             &coin_public_info.coin_pub, sizeof (struct GNUNET_CRYPTO_EddsaPublicKey));
-    dki = TALER_MINT_get_denom_key (key_state, &coin_public_info.denom_pub);
+    dki = &(TALER_MINT_get_denom_key (key_state, &coin_public_info.denom_pub)->issue);
    if (NULL == dki)
      return (MHD_YES == request_send_json_pack (connection, MHD_HTTP_NOT_FOUND,
@ -1344,7 +1344,7 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,
  {
    struct RefreshCommitCoin commit_coin;
    struct TALER_RSA_PublicKeyBinaryEncoded denom_pub;
-    struct TALER_MINT_DenomKeyIssue *dki;
+    struct TALER_MINT_DenomKeyIssuePriv *dki;
    struct TALER_RSA_Signature ev_sig;
    res = TALER_MINT_DB_get_refresh_commit_coin (db_conn,
--- a/src/mint/taler-mint-httpd_withdraw.c
+++ b/src/mint/taler-mint-httpd_withdraw.c
@ -28,7 +28,6 @@
 #include <pthread.h>
 #include "mint.h"
 #include "mint_db.h"
 #include "taler_types.h"
 #include "taler_signatures.h"
 #include "taler_rsa.h"
 #include "taler_json_lib.h"
@ -79,7 +78,7 @@ static void
 sign_reserve (struct Reserve *reserve,
              struct MintKeyState *key_state)
 {
-  reserve->status_sign_pub = key_state->current_sign_key_issue.signkey_pub;
+  reserve->status_sign_pub = key_state->current_sign_key_issue.issue.signkey_pub;
  reserve->status_sig_purpose.purpose = htonl (TALER_SIGNATURE_RESERVE_STATUS);
  reserve->status_sig_purpose.size = htonl (sizeof (struct Reserve) -
                                          offsetof (struct Reserve, status_sig_purpose));
@ -151,7 +150,7 @@ TALER_MINT_handler_withdraw_status (struct RequestHandler *rh,
    return MHD_NO;
  }
  key_state = TALER_MINT_key_state_acquire ();
-  if (0 != memcmp (&key_state->current_sign_key_issue.signkey_pub,
+  if (0 != memcmp (&key_state->current_sign_key_issue.issue.signkey_pub,
                   &reserve.status_sign_pub,
                   sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)))
  {
@ -230,7 +229,7 @@ TALER_MINT_handler_withdraw_sign (struct RequestHandler *rh,
  struct Reserve reserve;
  struct MintKeyState *key_state;
  struct CollectableBlindcoin collectable;
-  struct TALER_MINT_DenomKeyIssue *dki;
+  struct TALER_MINT_DenomKeyIssuePriv *dki;
  struct TALER_RSA_Signature ev_sig;
  struct TALER_Amount amount_required;
@ -342,16 +341,16 @@ TALER_MINT_handler_withdraw_sign (struct RequestHandler *rh,
  key_state = TALER_MINT_key_state_acquire ();
  dki = TALER_MINT_get_denom_key (key_state,
-                       &wsrd.denomination_pub);
+                                  &wsrd.denomination_pub);
  TALER_MINT_key_state_release (key_state);
  if (NULL == dki)
    return request_send_json_pack (connection, MHD_HTTP_NOT_FOUND,
                                   "{s:s}",
                                   "error", "Denomination not found");
-  amount_required = TALER_amount_ntoh (dki->value);
+  amount_required = TALER_amount_ntoh (dki->issue.value);
  amount_required = TALER_amount_add (amount_required,
-                                      TALER_amount_ntoh (dki->fee_withdraw));
+                                      TALER_amount_ntoh (dki->issue.fee_withdraw));
  if (0 < TALER_amount_cmp (amount_required,
                            TALER_amount_ntoh (reserve.balance)))
--- a/src/mint/taler-mint-keycheck.c
+++ b/src/mint/taler-mint-keycheck.c
@ -32,19 +32,20 @@ static struct GNUNET_CONFIGURATION_Handle *kcfg;
 static int
-signkeys_iter (void *cls, const struct TALER_MINT_SignKeyIssue *ski)
+signkeys_iter (void *cls, const struct TALER_MINT_SignKeyIssuePriv *ski)
 {
  struct GNUNET_TIME_Absolute start;
  printf ("iterating over key for start time %s\n",
-          GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (ski->start)));
+          GNUNET_STRINGS_absolute_time_to_string (GNUNET_TIME_absolute_ntoh (ski->issue.start)));
-  start = GNUNET_TIME_absolute_ntoh (ski->start);
+  start = GNUNET_TIME_absolute_ntoh (ski->issue.start);
-  if (ntohl (ski->purpose.size) !=
+  if (ntohl (ski->issue.purpose.size) !=
      (sizeof (struct TALER_MINT_SignKeyIssue) - offsetof (struct TALER_MINT_SignKeyIssue, purpose)))
  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signkey with start %s has invalid purpose field (timestamp: %llu)\n",
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Signkey with start %s has invalid purpose field (timestamp: %llu)\n",
                GNUNET_STRINGS_absolute_time_to_string (start),
                (long long) start.abs_value_us);
    return GNUNET_SYSERR;
@ -52,15 +53,16 @@ signkeys_iter (void *cls, const struct TALER_MINT_SignKeyIssue *ski)
  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNKEY,
-                                               &ski->purpose,
+                                               &ski->issue.purpose,
-                                               &ski->signature,
+                                               &ski->issue.signature,
-                                               &ski->master_pub))
+                                               &ski->issue.master_pub))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signkey with start %s has invalid signature (timestamp: %llu)\n",
                GNUNET_STRINGS_absolute_time_to_string (start),
                (long long) start.abs_value_us);
    return GNUNET_SYSERR;
  }
  /* FIXME: what about private key matching the public key? */
  printf ("key valid\n");
  return GNUNET_OK;
 }
@ -75,16 +77,17 @@ mint_signkeys_check ()
 }
-static int denomkeys_iter (void *cls,
+static int
-                           const char *alias,
+denomkeys_iter (void *cls,
-                           const struct TALER_MINT_DenomKeyIssue *dki)
+                const char *alias,
                const struct TALER_MINT_DenomKeyIssuePriv *dki)
 {
  struct GNUNET_TIME_Absolute start;
-  start = GNUNET_TIME_absolute_ntoh (dki->start);
+  start = GNUNET_TIME_absolute_ntoh (dki->issue.start);
-  if (ntohl (dki->purpose.size) !=
+  if (ntohl (dki->issue.purpose.size) !=
-      (sizeof (struct TALER_MINT_DenomKeyIssue) - offsetof (struct TALER_MINT_DenomKeyIssue, purpose)))
+      (sizeof (struct TALER_MINT_DenomKeyIssuePriv) - offsetof (struct TALER_MINT_DenomKeyIssuePriv, issue.purpose)))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Denomkey for '%s' with start %s has invalid purpose field (timestamp: %llu)\n",
                alias,
@ -93,12 +96,14 @@ static int denomkeys_iter (void *cls,
    return GNUNET_SYSERR;
  }
-  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_DENOM,
+  if (GNUNET_OK !=
-                                               &dki->purpose,
+      GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_DENOM,
-                                               &dki->signature,
+                                  &dki->issue.purpose,
-                                               &dki->master))
+                                  &dki->issue.signature,
                                  &dki->issue.master))
  {
-    GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Denomkey for '%s'with start %s has invalid signature (timestamp: %llu)\n",
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Denomkey for '%s'with start %s has invalid signature (timestamp: %llu)\n",
                alias,
                GNUNET_STRINGS_absolute_time_to_string (start),
                (long long) start.abs_value_us);
@ -113,7 +118,8 @@ static int denomkeys_iter (void *cls,
 static int
 mint_denomkeys_check ()
 {
-  if (0 > TALER_MINT_denomkeys_iterate (mintdir, denomkeys_iter, NULL))
+  if (0 > TALER_MINT_denomkeys_iterate (mintdir,
                                        &denomkeys_iter, NULL))
    return GNUNET_NO;
  return GNUNET_OK;
 }
@ -148,11 +154,11 @@ main (int argc, char *const *argv)
  GNUNET_assert (GNUNET_OK == GNUNET_log_setup ("taler-mint-keycheck", "WARNING", NULL));
-  if (GNUNET_GETOPT_run ("taler-mint-keyup", options, argc, argv) < 0) 
+  if (GNUNET_GETOPT_run ("taler-mint-keyup", options, argc, argv) < 0)
    return 1;
  if (NULL == mintdir)
  {
-    fprintf (stderr, "mint directory not given\n"); 
+    fprintf (stderr, "mint directory not given\n");
    return 1;
  }
--- a/src/mint/taler-mint-keyup.c
+++ b/src/mint/taler-mint-keyup.c
@ -292,26 +292,27 @@ get_anchor (const char *dir,
 }
 static void
-create_signkey_issue (struct GNUNET_TIME_Absolute start,
+create_signkey_issue_priv (struct GNUNET_TIME_Absolute start,
-                      struct GNUNET_TIME_Relative duration,
+                           struct GNUNET_TIME_Relative duration,
-                      struct TALER_MINT_SignKeyIssue *issue)
+                           struct TALER_MINT_SignKeyIssuePriv *pi)
 {
  struct GNUNET_CRYPTO_EddsaPrivateKey *priv;
  struct TALER_MINT_SignKeyIssue *issue = &pi->issue;
  priv = GNUNET_CRYPTO_eddsa_key_create ();
  GNUNET_assert (NULL != priv);
-  issue->signkey_priv = *priv;
+  pi->signkey_priv = *priv;
  GNUNET_free (priv);
  issue->master_pub = *master_pub;
  issue->start = GNUNET_TIME_absolute_hton (start);
  issue->expire = GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (start, duration));
-  GNUNET_CRYPTO_eddsa_key_get_public (&issue->signkey_priv, &issue->signkey_pub);
+  GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv, &issue->signkey_pub);
  issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNKEY);
  issue->purpose.size = htonl (sizeof (struct TALER_MINT_SignKeyIssue) - offsetof (struct TALER_MINT_SignKeyIssue, purpose));
-  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_sign (master_priv, &issue->purpose, &issue->signature)) 
+  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_sign (master_priv, &issue->purpose, &issue->signature))
  {
    GNUNET_abort ();
  }
@ -354,10 +355,10 @@ mint_keys_update_signkeys ()
    skf = get_signkey_file (anchor);
    if (GNUNET_YES != GNUNET_DISK_file_test (skf))
    {
-      struct TALER_MINT_SignKeyIssue signkey_issue;
+      struct TALER_MINT_SignKeyIssuePriv signkey_issue;
      ssize_t nwrite;
      printf ("Generating signing key for %s.\n", GNUNET_STRINGS_absolute_time_to_string (anchor));
-      create_signkey_issue (anchor, signkey_duration, &signkey_issue);
+      create_signkey_issue_priv (anchor, signkey_duration, &signkey_issue);
      nwrite = GNUNET_DISK_fn_write (skf, &signkey_issue, sizeof (struct TALER_MINT_SignKeyIssue),
                                     (GNUNET_DISK_PERM_USER_WRITE | GNUNET_DISK_PERM_USER_READ));
      if (nwrite != sizeof (struct TALER_MINT_SignKeyIssue))
@ -430,28 +431,32 @@ get_cointype_params (const char *ct, struct CoinTypeParams *params)
 static void
-create_denomkey_issue (struct CoinTypeParams *params, struct TALER_MINT_DenomKeyIssue *dki)
+create_denomkey_issue (struct CoinTypeParams *params,
                       struct TALER_MINT_DenomKeyIssuePriv *dki)
 {
  GNUNET_assert (NULL != (dki->denom_priv = TALER_RSA_key_create ()));
-  TALER_RSA_key_get_public (dki->denom_priv, &dki->denom_pub);
+  TALER_RSA_key_get_public (dki->denom_priv, &dki->issue.denom_pub);
-  dki->master = *master_pub;
+  dki->issue.master = *master_pub;
-  dki->start = GNUNET_TIME_absolute_hton (params->anchor);
+  dki->issue.start = GNUNET_TIME_absolute_hton (params->anchor);
-  dki->expire_withdraw = 
+  dki->issue.expire_withdraw =
-      GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (params->anchor, 
+      GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (params->anchor,
                                                           params->duration_withdraw));
-  dki->expire_spend = 
+  dki->issue.expire_spend =
-      GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (params->anchor, 
+    GNUNET_TIME_absolute_hton (GNUNET_TIME_absolute_add (params->anchor,
                                                           params->duration_spend));
-  dki->value = TALER_amount_hton (params->value);
+  dki->issue.value = TALER_amount_hton (params->value);
-  dki->fee_withdraw = TALER_amount_hton (params->fee_withdraw);
+  dki->issue.fee_withdraw = TALER_amount_hton (params->fee_withdraw);
-  dki->fee_deposit = TALER_amount_hton (params->fee_deposit);
+  dki->issue.fee_deposit = TALER_amount_hton (params->fee_deposit);
-  dki->fee_refresh = TALER_amount_hton (params->fee_refresh);
+  dki->issue.fee_refresh = TALER_amount_hton (params->fee_refresh);
-  dki->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DENOM);
+  dki->issue.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DENOM);
-  dki->purpose.size = htonl (sizeof (struct TALER_MINT_DenomKeyIssue) - offsetof (struct TALER_MINT_DenomKeyIssue, purpose));
+  dki->issue.purpose.size = htonl (sizeof (struct TALER_MINT_DenomKeyIssuePriv) - offsetof (struct TALER_MINT_DenomKeyIssuePriv, issue.purpose));
-  if (GNUNET_OK != GNUNET_CRYPTO_eddsa_sign (master_priv, &dki->purpose, &dki->signature)) 
+  if (GNUNET_OK !=
-  {
+      GNUNET_CRYPTO_eddsa_sign (master_priv,
                                &dki->issue.purpose,
                                &dki->issue.signature))
    {
    GNUNET_abort ();
  }
 }
@ -484,7 +489,7 @@ mint_keys_update_cointype (const char *coin_alias)
    if (GNUNET_YES != GNUNET_DISK_file_test (dkf))
    {
-      struct TALER_MINT_DenomKeyIssue denomkey_issue;
+      struct TALER_MINT_DenomKeyIssuePriv denomkey_issue;
      int ret;
      printf ("Generating denomination key for type '%s', start %s.\n",
              coin_alias, GNUNET_STRINGS_absolute_time_to_string (p.anchor));
@ -589,11 +594,11 @@ main (int argc, char *const *argv)
  GNUNET_assert (GNUNET_OK == GNUNET_log_setup ("taler-mint-keyup", "WARNING", NULL));
-  if (GNUNET_GETOPT_run ("taler-mint-keyup", options, argc, argv) < 0) 
+  if (GNUNET_GETOPT_run ("taler-mint-keyup", options, argc, argv) < 0)
    return 1;
  if (NULL == mintdir)
  {
-    fprintf (stderr, "mint directory not given\n"); 
+    fprintf (stderr, "mint directory not given\n");
    return 1;
  }
@ -601,7 +606,7 @@ main (int argc, char *const *argv)
  {
    if (GNUNET_OK != GNUNET_STRINGS_fancy_time_to_absolute (pretend_time_str, &now))
    {
-      fprintf (stderr, "timestamp invalid\n"); 
+      fprintf (stderr, "timestamp invalid\n");
      return 1;
    }
  }
--- a/src/mint/test_mint_common.c
+++ b/src/mint/test_mint_common.c
@ -33,9 +33,9 @@
 int
 main (int argc, const char *const argv[])
 {
-  struct TALER_MINT_DenomKeyIssue dki;
+  struct TALER_MINT_DenomKeyIssuePriv dki;
  struct TALER_RSA_PrivateKeyBinaryEncoded *enc;
-  struct TALER_MINT_DenomKeyIssue dki_read;
+  struct TALER_MINT_DenomKeyIssuePriv dki_read;
  struct TALER_RSA_PrivateKeyBinaryEncoded *enc_read;
  char *tmpfile;
@ -48,7 +48,7 @@ main (int argc, const char *const argv[])
  dki.denom_priv = NULL;
  dki_read.denom_priv = NULL;
  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
-                              &dki.signature,
+                              &dki.issue.signature,
                              sizeof (dki) - offsetof (struct TALER_MINT_DenomKeyIssue,
                                                       signature));
  dki.denom_priv = TALER_RSA_key_create ();
@ -61,8 +61,8 @@ main (int argc, const char *const argv[])
  EXITIF (0 != memcmp (enc,
                       enc_read,
                       ntohs(enc->len)));
-  EXITIF (0 != memcmp (&dki.signature,
+  EXITIF (0 != memcmp (&dki.issue.signature,
-                       &dki_read.signature,
+                       &dki_read.issue.signature,
                       sizeof (dki) - offsetof (struct TALER_MINT_DenomKeyIssue,
                                                signature)));
  ret = 0;
--- a/src/util/Makefile.am
+++ b/src/util/Makefile.am
@ -22,17 +22,11 @@ libtalerutil_la_LDFLAGS = \
  -export-dynamic -no-undefined
 check_PROGRAMS = \
  test-hash-context \
  test-rsa
 TESTS = \
  $(check_PROGRAMS)
 test_hash_context_SOURCES = test_hash_context.c
 test_hash_context_CPPFLAGS = $(AM_CPPFLAGS) $(LIBGCRYPT_CFLAGS)
 test_hash_context_LDADD = libtalerutil.la \
  -lgnunetutil $(LIBGCRYPT_LIBS)
 test_rsa_SOURCES = test_rsa.c
 test_rsa_LDADD = libtalerutil.la \
  -lgnunetutil $(LIBGCRYPT_LIBS)
--- a/src/util/test_hash_context.c
+++ b/src/util/test_hash_context.c
@ -1,48 +0,0 @@
 /*
  This file is part of TALER
  (C) 2014 Christian Grothoff (and other contributing authors)
  TALER is free software; you can redistribute it and/or modify it under the
  terms of the GNU General Public License as published by the Free Software
  Foundation; either version 3, or (at your option) any later version.
  TALER is distributed in the hope that it will be useful, but WITHOUT ANY
  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
  A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
  You should have received a copy of the GNU General Public License along with
  TALER; see the file COPYING.  If not, If not, see <http://www.gnu.org/licenses/>
 */
 /**
 * @file util/test_hash_context.c
 * @brief test case for incremental hashing
 * @author Florian Dold
 */
 #include "platform.h"
 #include "taler_util.h"
 #include <gcrypt.h>
 #define LEN 1234
 int main()
 {
  char data[1234];
  struct GNUNET_HashCode hc1;
  struct GNUNET_HashCode hc2;
  struct GNUNET_HashContext hctx;
  memset (data, 42, LEN);
  GNUNET_CRYPTO_hash_context_start (&hctx);
  GNUNET_CRYPTO_hash_context_read (&hctx, data, LEN);
  GNUNET_CRYPTO_hash_context_finish (&hctx, &hc1);
  GNUNET_CRYPTO_hash (data, LEN, &hc2);
  if (0 == memcmp (&hc1, &hc2, sizeof (struct GNUNET_HashCode)))
    return 0;
  return 1;
 }
`@ -1,2 +1,2 @@`
	`AM_CPPFLAGS = -I$(top_srcdir)/src/include`	`AM_CPPFLAGS = -I$(top_srcdir)/src/include`
	`SUBDIRS = include util mint`	`SUBDIRS = include util mint lib`