validp=t
case "$thing" in
- *"$nl"*) validp=nil ;;
- *) if ! expr >/dev/null "Q$thing" : "Q$ckpat\$"; then validp=nil; fi ;;
+ *"$nl"*)
+ validp=nil
+ ;;
+ *)
+ if ! expr >/dev/null "Q$thing" : "\(Q$ckpat\)\$"; then
+ validp=nil
+ fi
+ ;;
esac
case $validp in
nil) echo >&2 "$quis: bad $ckwhat \`$thing'"; exit 1 ;;
}
recover () {
- recov=$1 label=$2
+ recov=$1 inst=$2 label=$3
## Recover a stashed secret, protected by RECOV and stored as LABEL, and
## write it to stdout.
checkword "recovery key label" "$recov"
+ checkword "recovery instance" "$inst"
checklabel "secret" "$label"
- rdir=$KEYS/recov/$recov/current
+ rdir=$KEYS/recov/$recov/$inst
if [ ! -f $rdir/$label.recov ]; then
- echo >&2 "$quis: no blob for \`$label' under recovery key \`$recov'"
+ echo >&2 "$quis: recovery key \`$recov/$inst' has no blob for \`$label'"
exit 1
fi
reqsafe
- nub=$SAFE/keys.reveal/$recov.current/nub
+ tag=$recov.$inst
+ nub=$SAFE/keys.reveal/$tag/nub
if [ ! -f $nub ]; then
- echo >&2 "$quis: current recovery key \`$recov' not revealed"
+ echo >&2 "$quis: recovery key \`$recov/$inst' not revealed"
exit 1;
fi
mktmp
~mdw / distorted-keys / blobdiff