chiark / gitweb /
Split underlying machinery into a separate package.
[distorted-keys] / cryptop.recover
CommitLineData
c47f2aba 1#! /bin/sh
599c8f75 2###
c47f2aba 3### Recover a user key nub
599c8f75
MW
4###
5### (c) 2011 Mark Wooding
6###
7
8###----- Licensing notice ---------------------------------------------------
9###
10### This file is part of the distorted.org.uk key management suite.
11###
12### distorted-keys is free software; you can redistribute it and/or modify
13### it under the terms of the GNU General Public License as published by
14### the Free Software Foundation; either version 2 of the License, or
15### (at your option) any later version.
16###
17### distorted-keys is distributed in the hope that it will be useful,
18### but WITHOUT ANY WARRANTY; without even the implied warranty of
19### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20### GNU General Public License for more details.
21###
22### You should have received a copy of the GNU General Public License
23### along with distorted-keys; if not, write to the Free Software Foundation,
24### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25
26set -e
27case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
28. "$KEYSLIB"/keyfunc.sh
29
30defhelp <<HELP
c47f2aba
MW
31KEY RECOV
32Recover the named user KEY using a blob protected using the recovery key
33RECOV; it is an error if RECOV is not currently revealed.
599c8f75 34HELP
599c8f75 35
c47f2aba
MW
36case $# in 2) ;; *) usage_err ;; esac
37key=$1 recov=$2
38parse_keylabel "$key"
39if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
599c8f75 40checkword "recovery key label" "$recov"
e9cf7079
MW
41case $kowner in
42 $USERV_USER) ;;
43 *) echo >&2 "$quis: you're not the owner of key \`$key'"; exit 1 ;;
44esac
599c8f75 45
c47f2aba
MW
46mktmp
47nubid=$(cat $kdir/nubid)
48readmeta $kdir
e9cf7079 49read_profile $kowner "$profile"
c47f2aba
MW
50if [ -f $knub ]; then
51 nubbin=$(nubid <$knub)
52 case "$nubbin" in
53 "$nubid")
54 echo >&2 "$quis: key \`$key' doesn't need recovery"
55 exit 1
56 ;;
57 esac
58fi
59
60umask 077
61recover $recov $kowner/$klabel >$knub.new
62nubbin=$(nubid <$knub.new)
63case "$nubbin" in
64 "$nubid") ;;
65 *)
66 echo >&2 "$quis: recovery produced incorrect nub"
67 exit 1
68 ;;
69esac
70mv $knub.new $knub
599c8f75
MW
71
72###----- That's all, folks --------------------------------------------------