X-Git-Url: https://git.distorted.org.uk/~mdw/distorted-keys/blobdiff_plain/37ba6d05cc2a4214ff2d447b26a7d6c98322842c..1c739837567925b61e9018d30bd94f9b3b925a44:/keyfunc.sh.in

diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index 02bc10d..31843bf 100644
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -154,8 +154,14 @@ check () {
 
   validp=t
   case "$thing" in
-    *"$nl"*) validp=nil ;;
-    *) if ! expr >/dev/null "Q$thing" : "Q$ckpat\$"; then validp=nil; fi ;;
+    *"$nl"*)
+      validp=nil
+      ;;
+    *)
+      if ! expr >/dev/null "Q$thing" : "\(Q$ckpat\)\$"; then
+      validp=nil
+      fi
+      ;;
   esac
   case $validp in
     nil) echo >&2 "$quis: bad $ckwhat \`$thing'"; exit 1 ;;
@@ -612,21 +618,23 @@ stash () {
 }
 
 recover () {
-  recov=$1 label=$2
+  recov=$1 inst=$2 label=$3
   ## Recover a stashed secret, protected by RECOV and stored as LABEL, and
   ## write it to stdout.
   checkword "recovery key label" "$recov"
+  checkword "recovery instance" "$inst"
   checklabel "secret" "$label"
 
-  rdir=$KEYS/recov/$recov/current
+  rdir=$KEYS/recov/$recov/$inst
   if [ ! -f $rdir/$label.recov ]; then
-    echo >&2 "$quis: no blob for \`$label' under recovery key \`$recov'"
+    echo >&2 "$quis: recovery key \`$recov/$inst' has no blob for \`$label'"
     exit 1
   fi
   reqsafe
-  nub=$SAFE/keys.reveal/$recov.current/nub
+  tag=$recov.$inst
+  nub=$SAFE/keys.reveal/$tag/nub
   if [ ! -f $nub ]; then
-    echo >&2 "$quis: current recovery key \`$recov' not revealed"
+    echo >&2 "$quis: recovery key \`$recov/$inst' not revealed"
     exit 1;
   fi
   mktmp