From 197b8df2eddbb1d1309170e3ad5b851abecddf8d Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Fri, 24 Oct 2025 23:32:35 +0800
Subject: [PATCH] fat: v0.1.1
---
 Cargo.lock | 4 ++--
 Cargo.toml | 2 +-
 src/main.rs | 37 +++++++++++++++++++++++--------------
 3 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index c26d466..f57c449 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 [[package]]
 name = "aes"
@@ -325,7 +325,7 @@ dependencies = [
 [[package]]
 name = "pinentry-cli"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
 "aes-gcm-stream",
 "clap",
diff --git a/Cargo.toml b/Cargo.toml
index 86804c6..b8b5108 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "pinentry-cli"
-version = "0.1.0"
+version = "0.1.1"
 edition = "2021"
 [dependencies]
diff --git a/src/main.rs b/src/main.rs
index 9e7b233..54be629 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,5 @@
-use std::{env, fs};
 use std::process::exit;
+use std::{env, fs};
 use aes_gcm_stream::Aes256GcmStreamEncryptor;
 use clap::Parser;
@@ -23,7 +23,7 @@ struct Cli {
 /// Prompt in pinentry
 #[arg(long)]
 pub prompt: Option,
- /// Encryption key, must be 32 bytes and in HEX format
+ /// Encryption key, must be 32 bytes and in HEX format, '-' do not encrypt
 #[arg(long, short = 'k')]
 pub encryption_key: String,
 /// Disable fallback to rpassword, default false
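Review bot: The new help text on `encryption_key` documents only `'-'`, while `get_encryption_key` in a later hunk also accepts `"--"`, and it does not say what the opt-out means for the output. This doc comment is what clap prints as the option help, so it is the only place an operator learns that the PIN will leave the tool unencrypted. I would spell it out: `/// Encryption key: 32 bytes in HEX format; '-' or '--' disables encryption and the PIN is returned in plaintext`. The `Cli` struct starts and ends outside the hunk.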
@@ -88,14 +88,22 @@ fn get_pin_entry(args: &Cli) -> String {
 fn get_encryption_key(args: &Cli) -> Result<[u8; 32], PinResult> {
 let mut encryption_key = [0_u8; 32];
+ if &args.encryption_key == "-" || &args.encryption_key == "--" {
+ // all 0 key, do not encrypt
+ return Ok(encryption_key);
+ }
+
 match hex::decode(&args.encryption_key) {
 Ok(key) => {
 if key.len() != 32 {
- return Err(PinResult::new_error(format!("Bad encryption key length, expected 32, actual: {}", key.len())));
+ return Err(PinResult::new_error(format!(
+ "Bad encryption key length, expected 32, actual: {}",
+ key.len()
+ )));
 }
 encryption_key.copy_from_slice(&key[..32]);
 }
- Err(e) => return Err(PinResult::new_error(format!("{}", e)))
+ Err(e) => return Err(PinResult::new_error(format!("{}", e))),
 };
 Ok(encryption_key)
 }
@@ -120,25 +128,26 @@ fn get_pin(args: Cli) -> PinResult {
 Ok(secret_string) => {
 PinResult::new_pin(&encryption_key, secret_string.expose_secret().to_string())
 }
- Err(e) => {
- PinResult::new_error(format!("{}", e))
- }
+ Err(e) => PinResult::new_error(format!("{}", e)),
 }
 } else if fallback_cli {
 match rpassword::prompt_password(format!("{}: ", description)) {
- Ok(pin) => {
- PinResult::new_pin(&encryption_key, pin)
- }
- Err(e) => {
- PinResult::new_error(format!("{}", e))
- }
+ Ok(pin) => PinResult::new_pin(&encryption_key, pin),
+ Err(e) => PinResult::new_error(format!("{}", e)),
 }
 } else {
- PinResult::new_error(String::from("pinentry not found and --disable-fallback-cli is turned on."))
+ PinResult::new_error(String::from(
+ "pinentry not found and --disable-fallback-cli is turned on.",
+ ))
 }
 }
 fn encrypt(key: &[u8; 32], pin: String) -> String {
+ if key == &[0_u8; 32] {
+ // DO NOT encrypt when key is all 0
+ return pin;
+ }
+
 let nonce = random::<[u8; 12]>();
 let mut encrypted = vec![];
 let mut encryptor = Aes256GcmStreamEncryptor::new(*key, &nonce);
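Review bot: The all-zero key doubles as the in-band "do not encrypt" sentinel, so an `--encryption-key` of 64 hex zeros passes the 32-byte length check in `get_encryption_key` and then takes the new early return in `encrypt` (next hunk, `if key == &[0_u8; 32]`), which hands the PIN back in plaintext with no error. A caller who asked for encryption, even with a poor key, silently gets none. Keeping the current signature, the hex branch can reject that value right after the length check: `if key.iter().all(|b| *b == 0) { return Err(PinResult::new_error("All-zero encryption key is not allowed".to_string())); }`. A cleaner follow-up is to return `Option<[u8; 32]>`, so that "no key" never shares a representation with a real key. `PinResult::new_pin` is outside these hunks, so whether its output marks the PIN as unencrypted cannot be confirmed from here.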