keys.conf: New file, suggesting a possible implementation of `$SAFE'.

[distorted-keys] / keyfunc.sh.in

diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index 6316816d075644f3f37fb9cb9c6e261705d6ae3e..a618e666a1ddd4dbd49ce343827bfb3c4e95e946 100644 (file)
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -308,8 +308,11 @@ nubid () {
   ## Compute a hash of the key nub in stdin, and write it to stdout in hex.
   ## The property `nubid_hash' is used.
 
-  { echo "distorted-keys nubid"; cat -; } |
-  openssl dgst -${kprop_nubid_hash-sha256}
+  ## Stupid dance because the output incompatibly grew a filename, in order
+  ## to demonstrate the same idiocy as GNU mumblesum.
+  set _ $({ echo "distorted-keys nubid"; cat -; } |
+    openssl dgst -${kprop_nubid_hash-sha256})
+  echo $2
 }
 
 subst () {
@@ -382,7 +385,7 @@ read_profile () {
   case $uservp in
     t)
       checkword "profile user" "$user"
-      userv "$user" cryptop-profile "$label" >$tmp/profile
+      userv "$user" cryptop-profile "$label" >$tmp/profile </dev/null
       ;;
     nil)
       $bindir/extract-profile "$label" $ETC/profile.d/ >$tmp/profile
@@ -554,6 +557,31 @@ c_sysverify () { c_sysop verify "$1" /dev/null; }
 ###--------------------------------------------------------------------------
 ### Recovery operations.
 
+sharethresh () {
+  pf=$1
+  ## Return the sharing threshold from the parameter file PARAM.
+
+  read param <"$pf"
+  case "$param" in
+    shamir-params:*) ;;
+    *)
+      echo >&2 "$quis: secret sharing parameter file damaged (wrong header)"
+      exit 1
+      ;;
+  esac
+  t=";${param#*:}"
+  case "$t" in
+    *";t="*) ;;
+    *)
+      echo >&2 "$quis: secret sharing parameter file damaged (missing t)"
+      exit 1
+      ;;
+  esac
+  t=${t#*;t=}
+  t=${t%%;*}
+  echo "$t"
+}
+
 stash () {
   recov=$1 label=$2
   ## Stash a copy of stdin encrypted under the recovery key RECOV, with a