. "$KEYSLIB"/keyfunc.sh
defhelp <<HELP
-RECOV KEEPER [NUB]
+RECOV KEEPER
Reveal a share of a recovery key distributed among keepers.
If enough shares have been revealed, reconstruct the recovery private key.
-The keeper nub is read from NUB, or stdin if NUB is omitted or \`-'.
+The keeper nub is read from stdin.
HELP
## Parse the command line.
-case $# in
- 2) if [ -t 0 ]; then echo >&2 "$quis: stdin is a terminal"; exit 1; fi ;;
- 3) ;;
- *) usage_err ;;
-esac
+case $# in 2) ;; *) usage_err ;; esac
recov=$1 keeper=$2; shift 2
checklabel "recovery key" "$recov"
case "$recov" in
## Grab the key, because we'll need to read it several times.
mktmp
-cat -- "$@" >$tmp/secret
+cat >$tmp/secret
## Read the threshold from the recovery metadata.
-read param <$KEYS/recov/$recov/$keeper.param
-case "$param" in
- shamir-params:*) ;;
- *)
- echo >&2 "$quis: secret sharing parameter file damaged (wrong header)"
- exit 1
- ;;
-esac
-t=";${param#*:}"
-case "$t" in
- *";t="*) ;;
- *)
- echo >&2 "$quis: secret sharing parameter file damaged (missing t)"
- exit 1
- ;;
-esac
-t=${t#*;t=}
-t=${t%%;*}
+t=$(sharethresh $KEYS/recov/$recov/$keeper.param)
## Find out which keeper index it corresponds to.
read n hunoz <$KEYS/keeper/$keeper/meta
echo >&2 "$quis: share $i revealed; $(( $t - $n )) more required"
else
cat $KEYS/recov/$recov/$keeper.param $keeper.*.share >$keeper.shares
- shamir recover <$keeper.shares >nub.new
+ $bindir/shamir recover <$keeper.shares >nub.new
c_sysprepare $KEYS/recov/$recov/store
nubbin=$(nubid <nub.new)
nubid=$(cat $KEYS/recov/$recov/store/nubid)