X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/distorted-keys/blobdiff_plain/fff6c65302469302612a246bbc02f453827f4b99..865fc4a1c4add30fbf1b6ab9569682d82e8da7c9:/keyfunc.sh.in?ds=sidebyside

diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index dda8a2e..6cba169 100644
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -322,6 +322,7 @@ nubid () {
   ## to demonstrate the same idiocy as GNU mumblesum.
   set _ $({ echo "distorted-keys nubid"; cat -; } |
     openssl dgst -${kprop_nubid_hash-sha256})
+  if [ $# -gt 2 ]; then shift; fi
   echo $2
 }
 
@@ -611,21 +612,23 @@ stash () {
 }
 
 recover () {
-  recov=$1 label=$2
+  recov=$1 inst=$2 label=$3
   ## Recover a stashed secret, protected by RECOV and stored as LABEL, and
   ## write it to stdout.
   checkword "recovery key label" "$recov"
+  checkword "recovery instance" "$inst"
   checklabel "secret" "$label"
 
-  rdir=$KEYS/recov/$recov/current
+  rdir=$KEYS/recov/$recov/$inst
   if [ ! -f $rdir/$label.recov ]; then
-    echo >&2 "$quis: no blob for \`$label' under recovery key \`$recov'"
+    echo >&2 "$quis: no blob for \`$label' under recovery key \`$recov/$inst'"
     exit 1
   fi
   reqsafe
-  nub=$SAFE/keys.reveal/$recov.current/nub
+  tag=$recov.$inst
+  nub=$SAFE/keys.reveal/$tag/nub
   if [ ! -f $nub ]; then
-    echo >&2 "$quis: current recovery key \`$recov' not revealed"
+    echo >&2 "$quis: current recovery key \`$recov/$inst' not revealed"
     exit 1;
   fi
   mktmp