#
#
# patch "README.encapsulation"
#  from [3b667a0be78f2bbc3c208bc9206818681e558c23]
#    to [47dd34f2a819d435a14fc79be8eb88ec7d5f7ebe]
# 
# patch "app_state.hh"
#  from [b556393474ffd1133a0d72c549e5ef4b0346d05f]
#    to [16db55f17f20a2b5231a77cd49b45e95d9e0ff62]
# 
# patch "key_store.hh"
#  from [8912c391c7e6ea8a925ffb9cd8c9f5b3859bd139]
#    to [f8487eb86cc407c597623267abecfc807eb4dc12]
# 
# patch "keys.cc"
#  from [7472ecab5f0641259a167d7b1c66c258d52846c8]
#    to [248765402f735b03226c4ea08c0571b23ef211fa]
#
============================================================
--- README.encapsulation	3b667a0be78f2bbc3c208bc9206818681e558c23
+++ README.encapsulation	47dd34f2a819d435a14fc79be8eb88ec7d5f7ebe
@@ -199,12 +199,11 @@ keys.cc:
     app.opts.ssh_sign
     app.keys...
     app.agent
-    app.signers
     app.lua.hook_persist_phrase_ok()
     needs: check_signature()
 
   check_signature():
-    app.verifiers
+    app.keys...
     app.lua.hook_persist_phrase_ok
 
   encrypt_rsa():
============================================================
--- app_state.hh	b556393474ffd1133a0d72c549e5ef4b0346d05f
+++ app_state.hh	16db55f17f20a2b5231a77cd49b45e95d9e0ff62
@@ -13,11 +13,6 @@ class lua_hooks;
 class app_state;
 class lua_hooks;
 
-#include <map>
-#include <vector>
-
-#include <boost/shared_ptr.hpp>
-
 #include "database.hh"
 #include "key_store.hh"
 #include "lua_hooks.hh"
@@ -28,13 +23,6 @@ class lua_hooks;
 #include "work.hh"
 #include "ssh_agent.hh"
 
-namespace Botan
-{
-  class PK_Signer;
-  class RSA_PrivateKey;
-  class PK_Verifier;
-  class RSA_PublicKey;
-};
 
 // This class is supposed to hold all (or.. well, most) of the state
 // of the application, barring some unfortunate static objects like
@@ -56,18 +44,6 @@ public:
   bool found_workspace;
   bool branch_is_sticky;
 
-  // These are used to cache signers/verifiers (if the hook allows).
-  // They can't be function-static variables in key.cc, since they
-  // must be destroyed before the Botan deinitialize() function is
-  // called.
-
-  std::map<rsa_keypair_id,
-    std::pair<boost::shared_ptr<Botan::PK_Signer>,
-        boost::shared_ptr<Botan::RSA_PrivateKey> > > signers;
-  std::map<rsa_keypair_id,
-    std::pair<boost::shared_ptr<Botan::PK_Verifier>,
-        boost::shared_ptr<Botan::RSA_PublicKey> > > verifiers;
-
   void allow_workspace();
   void process_options();
   void require_workspace(std::string const & explanation = "");
============================================================
--- key_store.hh	8912c391c7e6ea8a925ffb9cd8c9f5b3859bd139
+++ key_store.hh	f8487eb86cc407c597623267abecfc807eb4dc12
@@ -1,12 +1,24 @@
 #ifndef __KEY_STORE_H__
 #define __KEY_STORE_H__
 
 #include <map>
+#include <vector>
+
+#include <boost/shared_ptr.hpp>
+
 #include "vocab.hh"
 #include "paths.hh"
 
 class app_state;
 
+namespace Botan
+{
+  class PK_Signer;
+  class RSA_PrivateKey;
+  class PK_Verifier;
+  class RSA_PublicKey;
+};
+
 class key_store
 {
 private:
@@ -48,6 +60,18 @@ public:
                          
 
   void delete_key(rsa_keypair_id const & ident);
+
+  // These are used to cache signers/verifiers (if the hook allows).
+  // They can't be function-static variables in key.cc, since they
+  // must be destroyed before the Botan deinitialize() function is
+  // called.
+
+  std::map<rsa_keypair_id,
+    std::pair<boost::shared_ptr<Botan::PK_Signer>,
+        boost::shared_ptr<Botan::RSA_PrivateKey> > > signers;
+  std::map<rsa_keypair_id,
+    std::pair<boost::shared_ptr<Botan::PK_Verifier>,
+        boost::shared_ptr<Botan::RSA_PublicKey> > > verifiers;
 };
 
 // Local Variables:
============================================================
--- keys.cc	7472ecab5f0641259a167d7b1c66c258d52846c8
+++ keys.cc	248765402f735b03226c4ea08c0571b23ef211fa
@@ -435,13 +435,13 @@ make_signature(app_state & app,         
       // you're making a half-dozen certs during a commit or merge or
       // something.
 
-      bool persist_phrase = (!app.signers.empty())
+      bool persist_phrase = (!app.keys.signers.empty())
         || app.lua.hook_persist_phrase_ok();
 
       shared_ptr<PK_Signer> signer;
       shared_ptr<RSA_PrivateKey> priv_key;
-      if (persist_phrase && app.signers.find(id) != app.signers.end())
-        signer = app.signers[id].first;
+      if (persist_phrase && app.keys.signers.find(id) != app.keys.signers.end())
+        signer = app.keys.signers[id].first;
 
       else
         {
@@ -459,7 +459,7 @@ make_signature(app_state & app,         
            * away after we leave this scope. Hence we store a pair of
            * <verifier,key> so they both exist. */
           if (persist_phrase)
-            app.signers.insert(make_pair(id,make_pair(signer,priv_key)));
+            app.keys.signers.insert(make_pair(id,make_pair(signer,priv_key)));
         }
 
       sig = signer->sign_message(reinterpret_cast<Botan::byte const *>(tosign.data()), tosign.size());
@@ -496,13 +496,13 @@ check_signature(app_state &app,
 {
   // examine pubkey
 
-  bool persist_phrase = (!app.verifiers.empty()) || app.lua.hook_persist_phrase_ok();
+  bool persist_phrase = (!app.keys.verifiers.empty()) || app.lua.hook_persist_phrase_ok();
 
   shared_ptr<PK_Verifier> verifier;
   shared_ptr<RSA_PublicKey> pub_key;
   if (persist_phrase
-      && app.verifiers.find(id) != app.verifiers.end())
-    verifier = app.verifiers[id].first;
+      && app.keys.verifiers.find(id) != app.keys.verifiers.end())
+    verifier = app.keys.verifiers[id].first;
 
   else
     {
@@ -525,7 +525,7 @@ check_signature(app_state &app,
        * away after we leave this scope. Hence we store a pair of
        * <verifier,key> so they both exist. */
       if (persist_phrase)
-        app.verifiers.insert(make_pair(id, make_pair(verifier, pub_key)));
+        app.keys.verifiers.insert(make_pair(id, make_pair(verifier, pub_key)));
     }
 
   // examine signature