. "$KEYSLIB"/keyfunc.sh
defhelp <<HELP
-KEY RECOV
+[-i INST] KEY RECOV
Recover the named user KEY using a blob protected using the recovery key
RECOV; it is an error if RECOV is not currently revealed.
HELP
+inst=current
+while getopts "i:" opt; do
+ case "$opt" in
+ i) inst=$OPTARG ;;
+ *) usage_err ;;
+ esac
+done
+shift $(( $OPTIND - 1 ))
case $# in 2) ;; *) usage_err ;; esac
key=$1 recov=$2
parse_keylabel "$key"
if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
+checkword "recovery instance" "$inst"
checkword "recovery key label" "$recov"
case $kowner in
$USERV_USER) ;;
fi
umask 077
-recover $recov $kowner/$klabel >$knub.new
+recover $recov $inst $kowner/$klabel >$knub.new
nubbin=$(nubid <$knub.new)
case "$nubbin" in
"$nubid") ;;
*)
+ rm -f $knub.new
echo >&2 "$quis: recovery produced incorrect nub"
exit 1
;;
~mdw / distorted-keys / blobdiff