The recovery key must be revealed. The secret is written to stdout.
HELP
-dohelp
## Parse the command line.
-case $# in 2) ;; *) echo >&2 "$usage"; exit 1 ;; esac
+case $# in 2) ;; *) usage_err ;; esac
recov=$1 label=$2
checklabel "recovery key label" "$recov"
checklabel "secret" "$label"
## Do the recovery.
-blob=$KEYS/recov/$recov/current/$label.recov
-if [ ! -f $blob ]; then
- echo >&2 "$quis: no recovery blob for secret \`$label'"
- exit 1
-fi
-mem=$(userv root claim-mem-dir </dev/null)
-reveal=$mem/keys.reveal/$recov.current/secret
-if [ ! -f $reveal ]; then
- echo >&2 "$quis: current $recov key not revealed"
- exit 1
-fi
-tmp=$(mktmp); cleanup rmtmp
-ec_decrypt $reveal -i$blob
+recover $recov $label
###----- That's all, folks --------------------------------------------------
~mdw / distorted-keys / blobdiff