more progress. recovery seems to be working now.

[distorted-keys] / recover

#! /bin/sh
###
### Recover a secret stashed earlier
###
### (c) 2011 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the distorted.org.uk key management suite.
###
### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

set -e
case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
. "$KEYSLIB"/keyfunc.sh

defhelp <<HELP
RECOV LABEL
Recover the secret LABEL using recovery key RECOV.

The recovery key must be revealed.  The secret is written to stdout.
HELP
dohelp

## Parse the command line.
case $# in 2) ;; *) echo >&2 "$usage"; exit 1 ;; esac
recov=$1 label=$2
checklabel "recovery key label" "$recov"
checklabel "secret" "$label"

## Do the recovery.
blob=$KEYS/recov/$recov/current/$label.recov
if [ ! -f $blob ]; then
  echo >&2 "$quis: no recovery blob for secret \`$label'"
  exit 1
fi
mem=$(userv root claim-mem-dir </dev/null)
reveal=$mem/keys.reveal/$recov.current/secret
if [ ! -f $reveal ]; then
  echo >&2 "$quis: current $recov key not revealed"
  exit 1
fi
tmp=$(mktmp); cleanup rmtmp
ec_decrypt $reveal -i$blob

###----- That's all, folks --------------------------------------------------