. "$KEYSLIB"/keyfunc.sh
defhelp <<HELP
-[-p PROFILE] KEEPER N [OPTION=VALUE ...]
+[-f] [-p PROFILE] KEEPER N [OPTION=VALUE ...]
Create a new set of keeper keys.
-The key nubs are stored in KEEPER/I for each 0 <= I < N in the current
-directory; presumably you'll do something sensible with them. A new
-directory $KEYS/keeper/KEEPER is created (it is an error if it already
-exists), containing the key store directories and some metadata meta.
+The key nubs are stored in a safe but temporary place where they can be
+extracted using \`keys keeper-nub'.
HELP
## Parse the command line.
+force=nil
profile=${keeper_profile-keeper}
-while getopts "p:" opt; do
+while getopts "fp:" opt; do
case "$opt" in
+ f) force=t ;;
p) profile=$OPTARG ;;
*) usage_err ;;
esac
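Review bot: The new `-f` flag appears in the synopsis and in `getopts "fp:"`, but the help body never says what it does. The preflight code shown later on this page makes it remove an existing keeper set and its stored nubs, so a destructive option is documented only by its letter. I would add a sentence to the `defhelp` text such as `With -f, an existing keeper set KEEPER and its stored nubs are deleted and replaced.`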
checkword "profile label" "$profile"
## Preflight checking.
-if [ -e $KEYS/keeper/$keeper ]; then
- echo >&2 "$0: keeper set \`$keeper' already exists"
- exit 1
-fi
-if [ -e $keeper ]; then
- echo >&2 "$0: destination \`$keeper' already exists"
- exit 1
-fi
+reqsafe
+case $force in
+ nil)
+ if [ -e $KEYS/keeper/$keeper ]; then
+ echo >&2 "$quis: keeper set \`$keeper' already exists"
+ exit 1
+ fi
+ if [ -e $SAFE/keys.keeper/$keeper ]; then
+ echo >&2 "$quis: destination \`$keeper' already exists"
+ exit 1
+ fi
+ ;;
+ t)
+ rm -rf $KEYS/keeper/$keeper
+ rm -rf $SAFE/keys.keeper/$keeper/
+ ;;
+esac
## Generate the private keys, one per file, and compute the public keys.
mktmp
+mkdir -m700 $SAFE/keys.keeper/
+cd $SAFE/keys.keeper/
rm -rf $keeper.new
mkdir -m700 $keeper.new
mkdir -p -m755 $KEYS/keeper/$keeper.new
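Review bot: The `t)` branch deletes the existing keeper set with `rm -rf $KEYS/keeper/$keeper` and `rm -rf $SAFE/keys.keeper/$keeper/` before any replacement key has been generated, so a failure later in the run leaves no keeper keys at all; since the script already builds into `$keeper.new`, the removal could wait until the new set is complete. The expansions are unquoted and unguarded, and whether `$keeper` has been validated is not visible in this hunk, so I would write `rm -rf -- "$KEYS/keeper/${keeper:?}"` (and likewise for the `$SAFE` path) so that an empty name aborts instead of removing the whole keeper tree. Further down, `mkdir -m700 $SAFE/keys.keeper/` fails once the directory already exists and `cd $SAFE/keys.keeper/` is unchecked; unless the script runs under `set -e` (not shown here), the following `rm -rf $keeper.new` would then run in the caller's directory. `mkdir -p -m700 "$SAFE/keys.keeper"` followed by `cd "$SAFE/keys.keeper" || exit 1` would cover both.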