plan9port

fork of plan9port with libvec, libstr and libsdb

secstore.1 (3983B)


.TH SECSTORE 1
.SH NAME
aescbc, ipso, secstore \- secstore commands
.SH SYNOPSIS
.B secstore
[
.B -s
.I server
]
[
.B -(g|G)
.I getfile
]
[
.B -p
.I putfile
]
[
.B -r
.I rmfile
]
[
.B -c
]
[
.B -u
.I user
]
[
.B -v
]
[
.B -i
]
[
.B -n
]
.PP
.B aescbc
-e
.I <cleartext
.I >ciphertext
.br
.B aescbc
-d
.I <ciphertext
.I >cleartext
.PP
.B ipso
[
.B -a -e -l -f
] [
.I file
\&...
]
.SH DESCRIPTION
.PP
.I Secstore
authenticates to the server
using a password and optionally a hardware token,
then saves or retrieves a file.
This is intended to be a credentials store (public/private keypairs,
passwords, and other secrets) for a factotum.
.PP
Option
.B -p
stores a file on the secstore.
.PP
Option
.B -g
retrieves a file to the local directory;
option
.B -G
writes it to standard output instead.
Specifying
.I getfile
of . will send to standard output
a list of remote files with dates, lengths and SHA1 hashes.
.PP
Option
.B -r
removes a file from the secstore.
.PP
Option
.B -c
prompts for a password change.
.PP
Option
.B -v
produces more verbose output, in particular providing a few
bits of feedback to help the user detect mistyping.
.PP
Option
.B -i
says that the password should be read from standard input
instead of from
.BR /dev/tty .
.PP
Option
.B -n
says that the password should be read from NVRAM
(see
.MR authsrv (3) )
instead of from
.BR /dev/tty .
.PP
The server is
.BR tcp!$auth!secstore ,
or the server specified by option
.BR -s .
.PP
For example, to add a secret to the file read by
.MR factotum (4) ,
run
.sp
.EX
  % cd somewhere-private
  % auth/secstore -g factotum
  secstore password:
  % echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
  % auth/secstore -p factotum
  secstore password:
  % cat factotum | 9p write -l factotum/ctl
.EE
.PP
and delete the window.
The middle commands fetch the persistent copy of the secrets,
append a new secret,
and save the updated file back to secstore.
The final command loads the new secret into the running factotum.
.PP
The
.I ipso
command packages this sequence into a convenient script to simplify editing of
.I files
stored on a secure store.
It copies the named
.I files
into a private directory,
plumbs them to the editor,
and waits for a line on the console.
Once a line is typed,
signifying that editing is complete,
.I ipso
prompts the user to confirm copying modified or newly created files back to
.I secstore.
If no
.I file
is mentioned,
.I ipso
grabs all the user's files from
.I secstore
for editing.
.PP
By default, ipso will edit the
.I secstore
files and, if
one of them is named
.BR factotum ,
flush current keys from factotum and load
the new ones from the file.
If the
.BR -e ,
.BR -f ,
or
.BR -l
options are given,
.I ipso
will perform only the requested operations, i.e.,
edit, flush, and/or load.
.PP
The
.B -a
option of
.I ipso
provides a similar service for files encrypted by
.I aescbc
.RI ( q.v. ).
With the
.B -a
option, the full rooted pathname of the
.I file
must be specified and all
.I files
must be encrypted with the same key.
Also with
.BR -a ,
newly created files are ignored.
.PP
.I Aescbc
encrypts and decrypts using AES (Rijndael) in cipher
block chaining (CBC) mode.
.SH SOURCE
.B \*9/bin/ipso
.br
.B \*9/src/cmd/auth/secstore
.SH SEE ALSO
.MR factotum (4) ,
.MR secstored (1)
.SH BUGS
There is deliberately no backup of files on the secstore, so
.B -r
(or a disk crash) is irrevocable.  You are advised to store
important secrets in a second location.
.PP
When using
.IR ipso ,
secrets will appear as plain text in the editor window,
so use the command in private.
.PP
Establishing a private directory in which to store the secret
files is difficult on Unix.
On most systems,
.I ipso
creates a mode 700 directory
.BI /tmp/ipso. user
and works there.
On Linux systems,
.I ipso
looks for a
.B tmpfs
file system; if it exists,
.I ipso
creates the
.BI ipso. user
directory in its root
instead of
.BR /tmp .
.PP
.I Ipso
should zero the secret files before removing them.