chiark / gitweb /
~mdw / distorted-keys / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
keyfunc.sh.in: Fix the OpenSSL `dgst' rune.
[distorted-keys] / keys.reveal
diff --git a/keys.reveal b/keys.reveal
index a93ec9050ff6d43e821c8549bc000aed5cee9bdc..9e18879abf62b470e199fe2cb593cc08c6ebbdd3 100755 (executable)
--- a/keys.reveal
+++ b/keys.reveal
@@ -28,19 +28,15 @@ case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
 . "$KEYSLIB"/keyfunc.sh
 
 defhelp <<HELP
-RECOV KEEPER [NUB]
+RECOV KEEPER
 Reveal a share of a recovery key distributed among keepers.
 
 If enough shares have been revealed, reconstruct the recovery private key.
-The keeper nub is read from NUB, or stdin if NUB is omitted or \`-'.
+The keeper nub is read from stdin.
 HELP
 
 ## Parse the command line.
-case $# in
-  2) if [ -t 0 ]; then echo >&2 "$quis: stdin is a terminal"; exit 1; fi ;;
-  3) ;;
-  *) usage_err ;;
-esac
+case $# in 2) ;; *) usage_err ;; esac
 recov=$1 keeper=$2; shift 2
 checklabel "recovery key" "$recov"
 case "$recov" in
@@ -65,27 +61,10 @@ fi
 
 ## Grab the key, because we'll need to read it several times.
 mktmp
-cat -- "$@" >$tmp/secret
+cat >$tmp/secret
 
 ## Read the threshold from the recovery metadata.
-read param <$KEYS/recov/$recov/$keeper.param
-case "$param" in
-  shamir-params:*) ;;
-  *)
-    echo >&2 "$quis: secret sharing parameter file damaged (wrong header)"
-    exit 1
-    ;;
-esac
-t=";${param#*:}"
-case "$t" in
-  *";t="*) ;;
-  *)
-    echo >&2 "$quis: secret sharing parameter file damaged (missing t)"
-    exit 1
-    ;;
-esac
-t=${t#*;t=}
-t=${t%%;*}
+t=$(sharethresh $KEYS/recov/$recov/$keeper.param)
 
 ## Find out which keeper index it corresponds to.
 read n hunoz <$KEYS/keeper/$keeper/meta
@@ -133,7 +112,7 @@ if [ $n -lt $t ]; then
   echo >&2 "$quis: share $i revealed; $(( $t - $n )) more required"
 else
   cat $KEYS/recov/$recov/$keeper.param $keeper.*.share >$keeper.shares
-  shamir recover <$keeper.shares >nub.new
+  $bindir/shamir recover <$keeper.shares >nub.new
   c_sysprepare $KEYS/recov/$recov/store
   nubbin=$(nubid <nub.new)
   nubid=$(cat $KEYS/recov/$recov/store/nubid)
A Userv-based key management system.