[distorted-keys] / cryptop.recover

#! /bin/sh
###
### Recover a user key nub
###
### (c) 2011 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the distorted.org.uk key management suite.
###
### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

set -e
case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
. "$KEYSLIB"/keyfunc.sh

defhelp <<HELP
[-i INST] KEY RECOV
Recover the named user KEY using a blob protected using the recovery key
RECOV; it is an error if RECOV is not currently revealed.
HELP

inst=current
while getopts "i:" opt; do
  case "$opt" in
    i) inst=$OPTARG ;;
    *) usage_err ;;
  esac
done
shift $(( $OPTIND - 1 ))
case $# in 2) ;; *) usage_err ;; esac
key=$1 recov=$2
parse_keylabel "$key"
if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
checkword "recovery instance" "$inst"
checkword "recovery key label" "$recov"
case $kowner in
  $USERV_USER) ;;
  *) echo >&2 "$quis: you're not the owner of key \`$key'"; exit 1 ;;
esac

mktmp
nubid=$(cat $kdir/nubid)
readmeta $kdir
read_profile $kowner "$profile"
if [ -f $knub ]; then
  nubbin=$(nubid <$knub)
  case "$nubbin" in
    "$nubid")
      echo >&2 "$quis: key \`$key' doesn't need recovery"
      exit 1
      ;;
  esac
fi

umask 077
recover $recov $inst $kowner/$klabel >$knub.new
nubbin=$(nubid <$knub.new)
case "$nubbin" in
  "$nubid") ;;
  *)
    echo >&2 "$quis: recovery produced incorrect nub"
    exit 1
    ;;
esac
mv $knub.new $knub

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
c47f2aba	1	#! /bin/sh
599c8f75	2	###
c47f2aba	3	### Recover a user key nub
599c8f75 MW	4	###
	5	### (c) 2011 Mark Wooding
	6	###
	7
	8	###----- Licensing notice ---------------------------------------------------
	9	###
	10	### This file is part of the distorted.org.uk key management suite.
	11	###
	12	### distorted-keys is free software; you can redistribute it and/or modify
	13	### it under the terms of the GNU General Public License as published by
	14	### the Free Software Foundation; either version 2 of the License, or
	15	### (at your option) any later version.
	16	###
	17	### distorted-keys is distributed in the hope that it will be useful,
	18	### but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	### GNU General Public License for more details.
	21	###
	22	### You should have received a copy of the GNU General Public License
	23	### along with distorted-keys; if not, write to the Free Software Foundation,
	24	### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25
	26	set -e
	27	case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
	28	. "$KEYSLIB"/keyfunc.sh
	29
	30	defhelp <<HELP
ae0eb898	31	[-i INST] KEY RECOV
c47f2aba MW	32	Recover the named user KEY using a blob protected using the recovery key
c47f2aba MW	33	RECOV; it is an error if RECOV is not currently revealed.
599c8f75	34	HELP
599c8f75	35
ae0eb898 MW	36	inst=current
	37	while getopts "i:" opt; do
	38	case "$opt" in
	39	i) inst=$OPTARG ;;
	40	*) usage_err ;;
	41	esac
	42	done
	43	shift $(( $OPTIND - 1 ))
c47f2aba MW	44	case $# in 2) ;; *) usage_err ;; esac
	45	key=$1 recov=$2
	46	parse_keylabel "$key"
	47	if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
ae0eb898	48	checkword "recovery instance" "$inst"
599c8f75	49	checkword "recovery key label" "$recov"
e9cf7079 MW	50	case $kowner in
	51	$USERV_USER) ;;
	52	*) echo >&2 "$quis: you're not the owner of key \`$key'"; exit 1 ;;
	53	esac
599c8f75	54
c47f2aba MW	55	mktmp
	56	nubid=$(cat $kdir/nubid)
	57	readmeta $kdir
e9cf7079	58	read_profile $kowner "$profile"
c47f2aba MW	59	if [ -f $knub ]; then
	60	nubbin=$(nubid <$knub)
	61	case "$nubbin" in
	62	"$nubid")
	63	echo >&2 "$quis: key \`$key' doesn't need recovery"
	64	exit 1
	65	;;
	66	esac
	67	fi
	68
	69	umask 077
ae0eb898	70	recover $recov $inst $kowner/$klabel >$knub.new
c47f2aba MW	71	nubbin=$(nubid <$knub.new)
	72	case "$nubbin" in
	73	"$nubid") ;;
	74	*)
	75	echo >&2 "$quis: recovery produced incorrect nub"
	76	exit 1
	77	;;
	78	esac
	79	mv $knub.new $knub
599c8f75 MW	80
599c8f75 MW	81	###----- That's all, folks --------------------------------------------------