From 599c8f754492a6555503fedb8a2662ec229fb8e8 Mon Sep 17 00:00:00 2001 Message-Id: <599c8f754492a6555503fedb8a2662ec229fb8e8.1714006969.git.mdw@distorted.org.uk> From: Mark Wooding Date: Sat, 17 Dec 2011 00:15:00 +0000 Subject: [PATCH] more progress. recovery seems to be working now. Organization: Straylight/Edgeware From: Mark Wooding --- .skelrc | 8 +++++++ Makefile.am | 10 ++++++--- configure.ac | 8 ++++--- keeper-cards | 8 ++++--- keyfunc.sh.in | 44 ++++++++++++++++++++++++++++++++------ keys.in | 8 ++++--- new-keeper | 8 ++++--- new-recov | 23 +++++++++++++------- recover | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++ reveal | 52 ++++++++++++++++++++++----------------------- shamir.in | 8 ++++--- stash | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++ 12 files changed, 236 insertions(+), 58 deletions(-) create mode 100644 .skelrc create mode 100644 recover create mode 100644 stash diff --git a/.skelrc b/.skelrc new file mode 100644 index 0000000..24a6db1 --- /dev/null +++ b/.skelrc @@ -0,0 +1,8 @@ +;;; -*-emacs-lisp-*- + +(setq skel-alist + (append + '((author . "Mark Wooding") + (program . "distorted-keys") + (full-title . "the distorted.org.uk key management suite")) + skel-alist)) diff --git a/Makefile.am b/Makefile.am index d10e7de..12168f6 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -7,18 +7,20 @@ ###----- Licensing notice --------------------------------------------------- ### -### This program is free software; you can redistribute it and/or modify +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### -### This program is distributed in the hope that it will be useful, +### distorted-keys is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License -### along with this program; if not, write to the Free Software Foundation, +### along with distorted-keys; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. bin_SCRIPTS = @@ -79,6 +81,8 @@ keyfunc.sh: keyfunc.sh.in Makefile dist_pkglib_SCRIPTS += keeper-cards dist_pkglib_SCRIPTS += new-keeper dist_pkglib_SCRIPTS += new-recov +dist_pkglib_SCRIPTS += recover dist_pkglib_SCRIPTS += reveal +dist_pkglib_SCRIPTS += stash ###----- That's all, folks -------------------------------------------------- diff --git a/configure.ac b/configure.ac index 859c839..44cdbd2 100644 --- a/configure.ac +++ b/configure.ac 
@@ -7,18 +7,20 @@ dnl dnl----- Licensing notice --------------------------------------------------- dnl -dnl This program is free software; you can redistribute it and/or modify +dnl This file is part of the distorted.org.uk key management suite. +dnl +dnl distorted-keys is free software; you can redistribute it and/or modify dnl it under the terms of the GNU General Public License as published by dnl the Free Software Foundation; either version 2 of the License, or dnl (at your option) any later version. dnl -dnl This program is distributed in the hope that it will be useful, +dnl distorted-keys is distributed in the hope that it will be useful, dnl but WITHOUT ANY WARRANTY; without even the implied warranty of dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the dnl GNU General Public License for more details. dnl dnl You should have received a copy of the GNU General Public License -dnl along with this program; if not, write to the Free Software Foundation, +dnl along with distorted-keys; if not, write to the Free Software Foundation, dnl Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. dnl-------------------------------------------------------------------------- diff --git a/keeper-cards b/keeper-cards index 40089fb..359c5a2 100755 --- a/keeper-cards +++ b/keeper-cards 
@@ -7,18 +7,20 @@ ###----- Licensing notice --------------------------------------------------- ### -### This program is free software; you can redistribute it and/or modify +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### -### This program is distributed in the hope that it will be useful, +### distorted-keys is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License -### along with this program; if not, write to the Free Software Foundation, +### along with distorted-keys; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. set -e diff --git a/keyfunc.sh.in b/keyfunc.sh.in index c9cf207..70da24a 100644 --- a/keyfunc.sh.in +++ b/keyfunc.sh.in 
@@ -7,18 +7,20 @@ ###----- Licensing notice --------------------------------------------------- ### -### This program is free software; you can redistribute it and/or modify +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### -### This program is distributed in the hope that it will be useful, +### distorted-keys is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License -### along with this program; if not, write to the Free Software Foundation, +### along with distorted-keys; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. quis=${0##*/} @@ -32,6 +34,11 @@ bindir="@bindir@" case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac +if [ -f $KEYS/keys.conf ]; then . $KEYS/keys.conf; fi +: ${random=/dev/random} + +case "${KEYS_DEBUG+t}" in t) set -x ;; esac + ###-------------------------------------------------------------------------- ### Cleanup handling. @@ -50,7 +57,7 @@ mktmp () { ## Make and return the name of a temporary directory. case "${tmp+t}" in t) echo "$tmp"; return ;; esac - mem=$(userv root claim-mem-dir) + mem=$(userv root claim-mem-dir &2 "$quis: bad $what label \`$thing'" + exit 1 + ;; + esac +} + ###-------------------------------------------------------------------------- ### Crypto operations. ### 
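Review bot: The `KEYS_DEBUG` switch added in the `@@ -32,6 +34,11 @@` hunk turns on `set -x` for every script that sources keyfunc.sh, and xtrace prints expanded assignments, so share contents held in shell variables (for example `secret=$(cat -- "$@")` in reveal) are echoed to stderr in clear whenever it is set. That is an acceptable property for a debugging hook, but the line should say so: `## xtrace echoes expanded commands, including secret values held in shell variables, to stderr.` In the same hunk `. $KEYS/keys.conf` is sourced with the script's privileges and `$KEYS` is left unquoted, consistent with the rest of the file; a one-line comment that keys.conf is trusted as much as the scripts themselves (it can redefine `random` and any function) would help the next reader. The `checklabel` function introduced later in this file section is partly lost in the extraction of this page, so it is not reviewed here.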
@@ -118,8 +135,8 @@ ec_keygen () { private=$1 public=$2 ## Make a new key, write private key to PRIVATE and public key to PUBLIC. - dd if=/dev/random bs=1 count=512 2>/dev/null | - openssl sha384 -binary | + dd if=$random bs=1 count=512 2>/dev/null | + openssl dgst -sha384 -binary | (umask 077 && openssl base64 >"$private") ec_public "$private" >"$public" } @@ -138,6 +155,21 @@ ec_decrypt () { run_seccure decrypt -q -cp256 -m128 -F"$private" "$@" } +ec_sign () { + private=$1; shift + ## Sign stuff using the PRIVATE key. Use -i/-o or redirection. + + run_seccure sign -q -cp256 -F"$private" "$@" +} + +ec_verify () { + public=$1 signature=$2; shift + ## Verify a SIGNATURE using the PUBLIC key; use -i or redirection for the + ## input. + + run_seccure verify -q -cp256 "$@" -- $(cat "$public") "$signature" +} + ###-------------------------------------------------------------------------- ### Help text. diff --git a/keys.in b/keys.in index 357651f..7915a4f 100755 --- a/keys.in +++ b/keys.in 
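Review bot: In `ec_keygen` the entropy source is now the configurable `$random`, but `dd if=$random ... 2>/dev/null |` still sits at the head of a pipeline, so a missing or unreadable source fails silently and `openssl dgst -sha384` hashes zero bytes, leaving a deterministic, publicly known value in `$private`; under plain `set -e` only the last pipeline stage's status is seen. Reading the 512 bytes into a temporary file first and checking the byte count before hashing makes the failure visible; `mktmp` in this file allocates under `userv root claim-mem-dir`, and callers such as recover and stash already do `tmp=$(mktmp); cleanup rmtmp`, so the plaintext entropy need not touch disk. If the function may be called before the caller has allocated `$tmp`, it should register `cleanup rmtmp` itself.
```shell
ec_keygen () {
  private=$1 public=$2
  ## Make a new key, write private key to PRIVATE and public key to PUBLIC.
  ## The random bytes go through a file so that a short read is detected
  ## rather than hashed into a predictable key.

  tmp=$(mktmp)
  dd if=$random bs=1 count=512 of=$tmp/keygen.rand 2>/dev/null
  if [ "$(wc -c <$tmp/keygen.rand)" -ne 512 ]; then
    echo >&2 "$quis: short read from $random"
    exit 1
  fi
  openssl dgst -sha384 -binary <$tmp/keygen.rand |
    (umask 077 && openssl base64 >"$private")
  rm -f $tmp/keygen.rand
  ec_public "$private" >"$public"
}
```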
@@ -7,18 +7,20 @@ ###----- Licensing notice --------------------------------------------------- ### -### This program is free software; you can redistribute it and/or modify +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### -### This program is distributed in the hope that it will be useful, +### distorted-keys is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License -### along with this program; if not, write to the Free Software Foundation, +### along with distorted-keys; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. set -e diff --git a/new-keeper b/new-keeper index aeb1816..05423f4 100755 --- a/new-keeper +++ b/new-keeper 
@@ -7,18 +7,20 @@ ###----- Licensing notice --------------------------------------------------- ### -### This program is free software; you can redistribute it and/or modify +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### -### This program is distributed in the hope that it will be useful, +### distorted-keys is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License -### along with this program; if not, write to the Free Software Foundation, +### along with distorted-keys; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. set -e diff --git a/new-recov b/new-recov index e4981f0..d221764 100755 --- a/new-recov +++ b/new-recov 
@@ -7,18 +7,20 @@ ###----- Licensing notice --------------------------------------------------- ### -### This program is free software; you can redistribute it and/or modify +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### -### This program is distributed in the hope that it will be useful, +### distorted-keys is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License -### along with this program; if not, write to the Free Software Foundation, +### along with distorted-keys; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. set -e 
@@ -100,27 +102,32 @@ if [ ! -d $rdir/current ]; then seq=0 else seq=$(readlink $rdir/current) - mem=$(userv root claim-mem-dir) - reveal=$mem/keys.reveal.$recov.current/secret + mem=$(userv root claim-mem-dir &2 "$quis: current $recov key not revealed" exit 1 fi - find $rdir/current -type f -name '*.recov' -print | while read name; do + + find $rdir/current/ -type f -name '*.recov' -print | while read name; do name=${name#$rdir/current/} case "$name" in */*) mkdir -p -m755 $rdir/new/${name%/*} ;; esac ec_decrypt $reveal -i$rdir/current/$name | ec_encrypt $rdir/new/pub -o$rdir/new/$name done + rm -r $mem/keys.reveal/$recov.current fi -## Tidy up and commit. +## Tidy up and commit. Repointing the symlink is grim because, according to +## POSIX rules, `mv foo bar' should rename `foo' to `bar/foo' is `bar' is a +## symlink to a directory -- and there's no way of turning this behaviour +## off. The subterfuge here is due to Colin Watson. cd $rdir while [ -d $seq ]; do seq=$(( seq + 1 )); done case $kparam in *.new) mv keepers.new keepers ;; esac rm -f next ln -s $seq next mv new $seq -mv next current +mkdir hack; mv next hack/current; mv hack/current .; rmdir hack ###----- That's all, folks -------------------------------------------------- diff --git a/recover b/recover new file mode 100644 index 0000000..b4f64d2 --- /dev/null +++ b/recover 
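Review bot: In the re-encryption loop, `ec_decrypt $reveal -i$rdir/current/$name | ec_encrypt $rdir/new/pub -o$rdir/new/$name` only exposes the exit status of `ec_encrypt`, so under `set -e` a blob that fails to decrypt is not noticed; if seccure-encrypt accepts empty input, the new generation would carry an empty blob for that label and `rm -r $mem/keys.reveal/$recov.current` then discards the key needed to retry. Splitting the two stages so the decrypt status is checked avoids that: `ec_decrypt $reveal -i$rdir/current/$name >$tmp/plain`, `ec_encrypt $rdir/new/pub -i$tmp/plain -o$rdir/new/$name`, `rm -f $tmp/plain`, with `tmp=$(mktmp); cleanup rmtmp` earlier in the script if new-recov does not already allocate one (mktmp is RAM-backed via claim-mem-dir, so the plaintext does not reach disk). `while read name` should also be `while read -r name` so a backslash in a path is not mangled. Separately, the new commit comment reads "rename `foo' to `bar/foo' is `bar' is a symlink" where "if `bar' is a symlink" is meant.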
@@ -0,0 +1,59 @@ +#! /bin/sh +### +### Recover a secret stashed earlier +### +### (c) 2011 Mark Wooding +### + +###----- Licensing notice --------------------------------------------------- +### +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify +### it under the terms of the GNU General Public License as published by +### the Free Software Foundation; either version 2 of the License, or +### (at your option) any later version. +### +### distorted-keys is distributed in the hope that it will be useful, +### but WITHOUT ANY WARRANTY; without even the implied warranty of +### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +### GNU General Public License for more details. +### +### You should have received a copy of the GNU General Public License +### along with distorted-keys; if not, write to the Free Software Foundation, +### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +set -e +case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac +. "$KEYSLIB"/keyfunc.sh + +defhelp <&2 "$usage"; exit 1 ;; esac +recov=$1 label=$2 +checklabel "recovery key label" "$recov" +checklabel "secret" "$label" + +## Do the recovery. +blob=$KEYS/recov/$recov/current/$label.recov +if [ ! -f $blob ]; then + echo >&2 "$quis: no recovery blob for secret \`$label'" + exit 1 +fi +mem=$(userv root claim-mem-dir &2 "$quis: current $recov key not revealed" + exit 1 +fi +tmp=$(mktmp); cleanup rmtmp +ec_decrypt $reveal -i$blob + +###----- That's all, folks -------------------------------------------------- diff --git a/reveal b/reveal index d409e3b..8f8e347 100755 --- a/reveal +++ b/reveal 
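Review bot: `tmp=$(mktmp); cleanup rmtmp` near the end of the new script allocates a temporary directory that nothing afterwards uses, since `ec_decrypt $reveal -i$blob` writes straight to stdout; drop the two statements, or if a scratch file is planned, say so in a comment. The recovery key is validated with `checklabel`, which judging from reveal's `*/*` handling admits a generation suffix, yet the path is built as `blob=$KEYS/recov/$recov/current/$label.recov` with `current` hard-coded, so a generation-qualified label that reveal accepts would resolve to a non-existent path here; mirroring reveal with `case "$recov" in */*) ;; *) recov=$recov/current ;; esac` before the path is built would keep the two scripts consistent. The part of this hunk between `reveal=` and the "not revealed" error is lost in the extraction of this page, so the reveal-directory lookup itself is not reviewed.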
@@ -7,18 +7,20 @@ ###----- Licensing notice --------------------------------------------------- ### -### This program is free software; you can redistribute it and/or modify +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### -### This program is distributed in the hope that it will be useful, +### distorted-keys is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License -### along with this program; if not, write to the Free Software Foundation, +### along with distorted-keys; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. set -e 
@@ -41,22 +43,16 @@ case $# in *) echo >&2 "$usage"; exit 1 ;; esac recov=$1 keeper=$2; shift 2 +checklabel "recovery key" "$recov" case "$recov" in - *[!-0-9a-zA-Z_!%@+=/]* | */ | /* | \ - *[!-0-9a-zA-Z_!%@+=]*/* | */*[!-0-9a-zA-Z_!%@+=]*) - echo >&2 "$quis: bad recovery key label \`$recov'" - exit 1 - ;; - */*) - ;; - *) - recov=$recov/current + */*) ;; + *) recov=$recov/current ;; esac checkword "keeper set label" "$keeper" ## Grab the key, because we'll need to read it several times. tmp=$(mktmp); cleanup rmtmp -secret=$(cat "$@") +secret=$(cat -- "$@") pub=$(ec_public /dev/stdin <&2 "$quis: secret $recov already revealed" exit 1 fi -reveal=$mem/keys.reveal.$tag.$keeper -if [ ! -d $reveal ]; then mkdir -m700 $reveal; fi -cd $reveal -if [ -f share.$i ]; then +if [ -f $keeper.$i ]; then echo >&2 "$quis: share $i already revealed" exit 1 fi ## Decrypt the share. +umask 077 ec_decrypt /dev/stdin \ -i$KEYS/recov/$recov/$keeper.$i.share \ - -oshare.$i.new <&2 "$quis: share $i revealed; $(( t - n )) more required" else - cat $KEYS/recov/$recov/$keeper.param share.* | shamir recover >secret - pubx=$(ec_public secret) + cat $KEYS/recov/$recov/$keeper.param $keeper.* >$keeper.shares + shamir recover <$keeper.shares >secret.new + pubx=$(ec_public secret.new) puby=$(cat $KEYS/recov/$recov/pub) case "$pubx" in "$puby") ;; @@ -135,8 +136,7 @@ else exit 1 ;; esac - cd .. - mv keys.reveal.$tag.$keeper keys.reveal.$tag + mv secret.new secret echo >&2 "$quis: secret $recov revealed" fi diff --git a/shamir.in b/shamir.in index 116c712..06da00f 100755 --- a/shamir.in +++ b/shamir.in 
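Review bot: In the reconstruction branch, `cat $KEYS/recov/$recov/$keeper.param $keeper.* >$keeper.shares` uses a glob that also matches the output file `$keeper.shares` itself on a second attempt, and both failure paths below (`shamir recover` failing, and the public-key mismatch `exit 1`) leave `$keeper.shares` and `secret.new` behind in the reveal directory, so a retry after adding another share would feed stale concatenated data to shamir. Either remove the leftovers first, `rm -f $keeper.shares secret.new`, or match only the share files, e.g. `$keeper.[0-9]*` if the share index `$i` is always numeric (the counting code for `n` and `t` is lost in this page's extraction, so that is inferred). The comparison of `pubx` against the stored `pub` is a good integrity check on the recovered secret; a short comment saying that is why the public key is recomputed would help the next reader.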
@@ -7,18 +7,20 @@ ###----- Licensing notice --------------------------------------------------- ### -### This program is free software; you can redistribute it and/or modify +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify ### it under the terms of the GNU General Public License as published by ### the Free Software Foundation; either version 2 of the License, or ### (at your option) any later version. ### -### This program is distributed in the hope that it will be useful, +### distorted-keys is distributed in the hope that it will be useful, ### but WITHOUT ANY WARRANTY; without even the implied warranty of ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### GNU General Public License for more details. ### ### You should have received a copy of the GNU General Public License -### along with this program; if not, write to the Free Software Foundation, +### along with distorted-keys; if not, write to the Free Software Foundation, ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. from __future__ import with_statement diff --git a/stash b/stash new file mode 100644 index 0000000..98116b5 --- /dev/null +++ b/stash 
@@ -0,0 +1,58 @@ +### -*-sh-*- +### +### Stash a recovery blob of a secret +### +### (c) 2011 Mark Wooding +### + +###----- Licensing notice --------------------------------------------------- +### +### This file is part of the distorted.org.uk key management suite. +### +### distorted-keys is free software; you can redistribute it and/or modify +### it under the terms of the GNU General Public License as published by +### the Free Software Foundation; either version 2 of the License, or +### (at your option) any later version. +### +### distorted-keys is distributed in the hope that it will be useful, +### but WITHOUT ANY WARRANTY; without even the implied warranty of +### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +### GNU General Public License for more details. +### +### You should have received a copy of the GNU General Public License +### along with distorted-keys; if not, write to the Free Software Foundation, +### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + +set -e +case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac +. "$KEYSLIB"/keyfunc.sh + +defhelp <&2 "$quis: stdin is a terminal"; exit 1; fi ;; + 3) ;; + *) echo >&2 "$usage"; exit 1 ;; +esac +recov=$1 label=$2; shift 2 +checkword "recovery key label" "$recov" +checklabel "secret" "$label" + +## Do the thing. +tmp=$(mktmp); cleanup rmtmp +cat -- "$@" >$tmp/secret +cd $KEYS/recov/$recov/current +case $label in */*) mkdir -m755 -p ${label%/*} ;; esac +ec_encrypt pub -i$tmp/secret -o$label.new +mv $label.new $label.recov + +###----- That's all, folks -------------------------------------------------- -- [mdw]
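Review bot: The new stash script opens with `### -*-sh-*-` and has no `#! /bin/sh` interpreter line, unlike recover in the same commit, and both new files are created as mode 100644 whereas the sibling scripts are 100755; Makefile.am lists them in `dist_pkglib_SCRIPTS`, so an installed copy will be executable, but running from the source tree (or whatever dispatches `$KEYSLIB/stash`) would presumably fail without the shebang and exec bit. The recovery key label is checked here with `checkword "recovery key label" "$recov"` while recover and reveal use `checklabel` for the same value, so the three scripts will accept different sets of names for one key. Finally `mv $label.new $label.recov` silently replaces an existing blob for the same label; if overwriting a stash is intended it deserves a comment, otherwise guard it with `if [ -f $label.recov ]; then echo >&2 "$quis: secret \`$label' already stashed"; exit 1; fi`.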