[distorted-keys] / cryptop.recover

#! /bin/sh
###
### Recover a user key nub
###
### (c) 2011 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the distorted.org.uk key management suite.
###
### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

set -e
case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
. "$KEYSLIB"/keyfunc.sh

defhelp <<HELP
KEY RECOV
Recover the named user KEY using a blob protected using the recovery key
RECOV; it is an error if RECOV is not currently revealed.
HELP

case $# in 2) ;; *) usage_err ;; esac
key=$1 recov=$2
parse_keylabel "$key"
if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
checkword "recovery key label" "$recov"

mktmp
nubid=$(cat $kdir/nubid)
readmeta $kdir
read_profile "$profile"
if [ -f $knub ]; then
  nubbin=$(nubid <$knub)
  case "$nubbin" in
    "$nubid")
      echo >&2 "$quis: key \`$key' doesn't need recovery"
      exit 1
      ;;
  esac
fi

umask 077
recover $recov $kowner/$klabel >$knub.new
nubbin=$(nubid <$knub.new)
case "$nubbin" in
  "$nubid") ;;
  *)
    echo >&2 "$quis: recovery produced incorrect nub"
    exit 1
    ;;
esac
mv $knub.new $knub

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
c47f2aba	1	#! /bin/sh
599c8f75	2	###
c47f2aba	3	### Recover a user key nub
599c8f75 MW	4	###
	5	### (c) 2011 Mark Wooding
	6	###
	7
	8	###----- Licensing notice ---------------------------------------------------
	9	###
	10	### This file is part of the distorted.org.uk key management suite.
	11	###
	12	### distorted-keys is free software; you can redistribute it and/or modify
	13	### it under the terms of the GNU General Public License as published by
	14	### the Free Software Foundation; either version 2 of the License, or
	15	### (at your option) any later version.
	16	###
	17	### distorted-keys is distributed in the hope that it will be useful,
	18	### but WITHOUT ANY WARRANTY; without even the implied warranty of
	19	### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	### GNU General Public License for more details.
	21	###
	22	### You should have received a copy of the GNU General Public License
	23	### along with distorted-keys; if not, write to the Free Software Foundation,
	24	### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	25
	26	set -e
	27	case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
	28	. "$KEYSLIB"/keyfunc.sh
	29
	30	defhelp <<HELP
c47f2aba MW	31	KEY RECOV
	32	Recover the named user KEY using a blob protected using the recovery key
	33	RECOV; it is an error if RECOV is not currently revealed.
599c8f75	34	HELP
599c8f75	35
c47f2aba MW	36	case $# in 2) ;; *) usage_err ;; esac
	37	key=$1 recov=$2
	38	parse_keylabel "$key"
	39	if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
599c8f75	40	checkword "recovery key label" "$recov"
599c8f75	41
c47f2aba MW	42	mktmp
	43	nubid=$(cat $kdir/nubid)
	44	readmeta $kdir
	45	read_profile "$profile"
	46	if [ -f $knub ]; then
	47	nubbin=$(nubid <$knub)
	48	case "$nubbin" in
	49	"$nubid")
	50	echo >&2 "$quis: key \`$key' doesn't need recovery"
	51	exit 1
	52	;;
	53	esac
	54	fi
	55
	56	umask 077
	57	recover $recov $kowner/$klabel >$knub.new
	58	nubbin=$(nubid <$knub.new)
	59	case "$nubbin" in
	60	"$nubid") ;;
	61	*)
	62	echo >&2 "$quis: recovery produced incorrect nub"
	63	exit 1
	64	;;
	65	esac
	66	mv $knub.new $knub
599c8f75 MW	67
599c8f75 MW	68	###----- That's all, folks --------------------------------------------------