. "$KEYSLIB"/keyfunc.sh
defhelp <<HELP
-RECOV KEEPER [NUB]
+RECOV KEEPER
Reveal a share of a recovery key distributed among keepers.
If enough shares have been revealed, reconstruct the recovery private key.
-The keeper nub is read from NUB, or stdin if NUB is omitted or \`-'.
+The keeper nub is read from stdin.
HELP
## Parse the command line.
-case $# in
- 2) if [ -t 0 ]; then echo >&2 "$quis: stdin is a terminal"; exit 1; fi ;;
- 3) ;;
- *) usage_err ;;
-esac
+case $# in 2) ;; *) usage_err ;; esac
recov=$1 keeper=$2; shift 2
checklabel "recovery key" "$recov"
case "$recov" in
## Grab the key, because we'll need to read it several times.
mktmp
-cat -- "$@" >$tmp/secret
+cat >$tmp/secret
## Read the threshold from the recovery metadata.
read param <$KEYS/recov/$recov/$keeper.param
echo >&2 "$quis: share $i revealed; $(( $t - $n )) more required"
else
cat $KEYS/recov/$recov/$keeper.param $keeper.*.share >$keeper.shares
- shamir recover <$keeper.shares >nub.new
+ $bindir/shamir recover <$keeper.shares >nub.new
c_sysprepare $KEYS/recov/$recov/store
nubbin=$(nubid <nub.new)
nubid=$(cat $KEYS/recov/$recov/store/nubid)