diff --git a/agent/ChangeLog b/agent/ChangeLog index fd0f7105c..e0b8b8d10 100644 --- a/agent/ChangeLog +++ b/agent/ChangeLog @@ -1,6 +1,12 @@ +2010-06-21 Werner Koch + + * protect-tool.c (export_p12_file, import_p12_cert_cb) + (import_p12_file, sexp_to_kparms, store_private_key): Remove + unused code. + 2010-06-18 Werner Koch - * protect-tool.c (store_private_key, rsa_key_check): + * protect-tool.c (store_private_key, rsa_key_check): Remove. * command.c (cmd_export_key): New. diff --git a/agent/protect-tool.c b/agent/protect-tool.c index f3fe1a8d8..be0bfd2e2 100644 --- a/agent/protect-tool.c +++ b/agent/protect-tool.c @@ -62,7 +62,6 @@ enum cmd_and_opt_values oS2Kcalibration, oCanonical, - oP12Charset, oStore, oForce, oHaveCert, @@ -96,13 +95,10 @@ static int opt_have_cert; static const char *opt_passphrase; static char *opt_prompt; static int opt_status_msg; -static const char *opt_p12_charset; static const char *opt_agent_program; static char *get_passphrase (int promptno); static void release_passphrase (char *pw); -static int store_private_key (const unsigned char *grip, - const void *buffer, size_t length, int force); static ARGPARSE_OPTS opts[] = { @@ -122,8 +118,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oCanonical, "canonical", "write output in canonical format"), ARGPARSE_s_s (oPassphrase, "passphrase", "|STRING|use passphrase STRING"), - ARGPARSE_s_s (oP12Charset,"p12-charset", - "|NAME|set charset for a new PKCS#12 passphrase to NAME"), ARGPARSE_s_n (oHaveCert, "have-cert", "certificate to export provided on STDIN"), ARGPARSE_s_n (oStore, "store", 
@@ -545,385 +539,6 @@ show_keygrip (const char *fname)
-#if 0
-/* A callback used by p12_parse to return a certificate. */
-static void
-import_p12_cert_cb (void *opaque, const unsigned char *cert, size_t certlen)
-{
- struct b64state state;
- gpg_error_t err, err2;
-
- (void)opaque;
-
- err = b64enc_start (&state, stdout, "CERTIFICATE");
- if (!err)
- err = b64enc_write (&state, cert, certlen);
- err2 = b64enc_finish (&state);
- if (!err)
- err = err2;
- if (err)
- log_error ("error writing armored certificate: %s\n", gpg_strerror (err));
-}
-
-static void
-import_p12_file (const char *fname)
-{
- char *buf;
- unsigned char *result;
- size_t buflen, resultlen, buf_off;
- int i;
- int rc;
- gcry_mpi_t *kparms;
- struct rsa_secret_key_s sk;
- gcry_sexp_t s_key;
- unsigned char *key;
- unsigned char grip[20];
- char *pw;
-
- /* fixme: we should release some stuff on error */
-
- buf = read_file (fname, &buflen);
- if (!buf)
- return;
-
- /* GnuPG 2.0.4 accidently created binary P12 files with the string
- "The passphrase is %s encoded.\n\n" prepended to the ASN.1 data.
- We fix that here. */
- if (buflen > 29 && !memcmp (buf, "The passphrase is ", 18))
- {
- for (buf_off=18; buf_off < buflen && buf[buf_off] != '\n'; buf_off++)
- ;
- buf_off++;
- if (buf_off < buflen && buf[buf_off] == '\n')
- buf_off++;
- }
- else
- buf_off = 0;
-
- kparms = p12_parse ((unsigned char*)buf+buf_off, buflen-buf_off,
- (pw=get_passphrase (2)),
- import_p12_cert_cb, NULL);
- release_passphrase (pw);
- xfree (buf);
- if (!kparms)
- {
- log_error ("error parsing or decrypting the PKCS-12 file\n");
- return;
- }
- for (i=0; kparms[i]; i++)
- ;
- if (i != 8)
- {
- log_error ("invalid structure of private key\n");
- return;
- }
-
-
-/* print_mpi (" n", kparms[0]); */
-/* print_mpi (" e", kparms[1]); */
-/* print_mpi (" d", kparms[2]); */
-/* print_mpi (" p", kparms[3]); */
-/* print_mpi (" q", kparms[4]); */
-/* print_mpi ("dmp1", kparms[5]); */
-/* print_mpi ("dmq1", kparms[6]); */
-/* print_mpi (" u", kparms[7]); */
-
- sk.n = kparms[0];
- sk.e = kparms[1];
- sk.d = kparms[2];
- sk.q = kparms[3];
- sk.p = kparms[4];
- sk.u = kparms[7];
- if (rsa_key_check (&sk))
- return;
-/* print_mpi (" n", sk.n); */
-/* print_mpi (" e", sk.e); */
-/* print_mpi (" d", sk.d); */
-/* print_mpi (" p", sk.p); */
-/* print_mpi (" q", sk.q); */
-/* print_mpi (" u", sk.u); */
-
- /* Create an S-expresion from the parameters. */
- rc = gcry_sexp_build (&s_key, NULL,
- "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
- sk.n, sk.e, sk.d, sk.p, sk.q, sk.u, NULL);
- for (i=0; i < 8; i++)
- gcry_mpi_release (kparms[i]);
- gcry_free (kparms);
- if (rc)
- {
- log_error ("failed to created S-expression from key: %s\n",
- gpg_strerror (rc));
- return;
- }
-
- /* Compute the keygrip. */
- if (!gcry_pk_get_keygrip (s_key, grip))
- {
- log_error ("can't calculate keygrip\n");
- return;
- }
- log_info ("keygrip: ");
- for (i=0; i < 20; i++)
- log_printf ("%02X", grip[i]);
- log_printf ("\n");
-
- /* Convert to canonical encoding. */
- buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, NULL, 0);
- assert (buflen);
- key = gcry_xmalloc_secure (buflen);
- buflen = gcry_sexp_sprint (s_key, GCRYSEXP_FMT_CANON, key, buflen);
- assert (buflen);
- gcry_sexp_release (s_key);
-
- pw = get_passphrase (4);
- rc = agent_protect (key, pw, &result, &resultlen);
- release_passphrase (pw);
- xfree (key);
- if (rc)
- {
- log_error ("protecting the key failed: %s\n", gpg_strerror (rc));
- return;
- }
-
- if (opt_armor)
- {
- char *p = make_advanced (result, resultlen);
- xfree (result);
- if (!p)
- return;
- result = (unsigned char*)p;
- resultlen = strlen (p);
- }
-
- if (opt_store)
- store_private_key (grip, result, resultlen, opt_force);
- else
- fwrite (result, resultlen, 1, stdout);
-
- xfree (result);
-}
-#endif
-
-
-
-#if 0
-static gcry_mpi_t *
-sexp_to_kparms (gcry_sexp_t sexp)
-{
- gcry_sexp_t list, l2;
- const char *name;
- const char *s;
- size_t n;
- int i, idx;
- const char *elems;
- gcry_mpi_t *array;
-
- list = gcry_sexp_find_token (sexp, "private-key", 0 );
- if(!list)
- return NULL;
- l2 = gcry_sexp_cadr (list);
- gcry_sexp_release (list);
- list = l2;
- name = gcry_sexp_nth_data (list, 0, &n);
- if(!name || n != 3 || memcmp (name, "rsa", 3))
- {
- gcry_sexp_release (list);
- return NULL;
- }
-
- /* Parameter names used with RSA. */
- elems = "nedpqu";
- array = xcalloc (strlen(elems) + 1, sizeof *array);
- for (idx=0, s=elems; *s; s++, idx++ )
- {
- l2 = gcry_sexp_find_token (list, s, 1);
- if (!l2)
- {
- for (i=0; i