.TH SECSTORE 1
.SH NAME
aescbc, ipso, secstore \- secstore commands
.SH SYNOPSIS
.B auth/secstore
[
.B -cinv
] [
.B -(g|G)
.I getfile
] [
.B -p
.I putfile
] [
.B -r
.I rmfile
] [
.B -s
.I server
] [
.B -u
.I user
]
.PP
.B auth/aescbc
-e
[ -in ]
.I <cleartext
.I >ciphertext
.br
.B auth/aescbc
-d
[ -in ]
.I <ciphertext
.I >cleartext
.PP
.B ipso
[
.B -a -e -l -f -s
] [
.I file
\&...
]
.SH DESCRIPTION
.I Secstore
authenticates to a secure-store server
using a password and optionally a hardware token,
then saves or retrieves a file.
This is intended to be a credentials store (public/private keypairs,
passwords, and other secrets) for a factotum.
.PP
Option
.B -c
prompts for a password change.
.PP
Option
.B -g
retrieves a file to the local directory;
option
.B -G
writes it to standard output instead.
Specifying
.I getfile
of
.L \&.
will send to standard output
a list of remote files with dates, lengths and SHA1 hashes.
.PP
Option
.B -i
says that the password should be read from standard input
instead of from
.BR /dev/cons .
.PP
Option
.B -n
says that the password should be read from NVRAM
(see
.IR authsrv (2))
instead of from
.BR /dev/cons .
.PP
Option
.B -p
stores a file on the secstore.
.PP
Option
.B -r
removes a file from the secstore.
.PP
The server is
.BR tcp!$auth!secstore ,
or the server specified by option
.BR -s .
.PP
Option
.B -v
produces more verbose output, in particular providing a few
bits of feedback to help the user detect mistyping.
.PP
For example, to add a secret to the file read by
.IR factotum (4)
at startup, open a new window, type
.LP
.EX
% ramfs -p; cd /tmp
% auth/secstore -g factotum
secstore password:
% echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
% auth/secstore -p factotum
secstore password:
% read -m factotum > /mnt/factotum/ctl
.EE
.LP
and delete the window.
The first line creates an ephemeral memory-resident workspace,
invisible to others and automatically removed when the window is deleted.
The next three commands fetch the persistent copy of the secrets,
append a new secret,
and save the updated file back to secstore.
The final command loads the new secret into the running factotum.
.PP
The
.I ipso
command packages this sequence into a convenient script to simplify editing of
.I files
stored on a secure store.
It copies the named
.I files
into a local
.IR ramfs (4)
and invokes
.IR acme (1)
on them. When the editor exits,
.I ipso
prompts the user to confirm copying modified or newly created files back to
.IR secstore .
If no
.I file
is mentioned,
.I ipso
grabs all the user's files from
.I secstore
for editing.
.PP
By default,
.I ipso
will edit the
.I secstore
files and, if
one of them is named
.BR factotum ,
flush current keys from factotum and load
the new ones from the file.
If the
.BR -e ,
.BR -f ,
or
.BR -l
options are given,
.I ipso
will perform only the requested operations, i.e.,
edit, flush, and/or load.
.PP
The
.B -s
option of
.I ipso
invokes
.IR sam (1)
as the editor instead of
.BR acme ;
the
.B -a
option provides a similar service for files encrypted by
.I aescbc
.RI ( q.v. ).
With the
.B -a
option, the full rooted pathname of the
.I file
must be specified and all
.I files
must be encrypted with the same key.
Also with
.BR -a ,
newly created files are ignored.
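.PP
As an added example (not the ipso script at /rc/bin/ipso itself), the change-detection step ipso performs after the editor exits, written in POSIX shell: it reports which edited copies in the ramfs differ from the copies fetched from secstore and which files are new, and a third argument mirrors -a by ignoring new files. The directory layout, function names and sample file contents are constructed for the demonstration.

```shell
# Added example, not the ipso script from the page: the "which files changed?"
# step ipso performs after the editor exits. ORIG holds the copies fetched
# from secstore before editing, WORK the ramfs copies after editing.
# Prints one line per changed file: "modified NAME" or "new NAME".
# ignore_new=1 mirrors the page's -a behaviour, where new files are skipped.
changed_files() {
    orig=$1
    work=$2
    ignore_new=${3:-0}
    for path in "$work"/*; do
        [ -f "$path" ] || continue
        name=${path##*/}
        if [ -f "$orig/$name" ]; then
            # cmp -s exits 0 when the bytes are identical, 1 when they differ
            cmp -s "$orig/$name" "$path" || printf 'modified %s\n' "$name"
        elif [ "$ignore_new" -eq 0 ]; then
            printf 'new %s\n' "$name"
        fi
    done
}

# Constructed scenario (sample data, not real secrets): a fetched snapshot,
# then an editing session that appends a key to factotum and creates newfile.
demo_changes() {
    tmp=$(mktemp -d)
    mkdir "$tmp/orig" "$tmp/work"
    printf 'key proto=pass user=bob !password=old\n' > "$tmp/orig/factotum"
    printf 'nothing to see\n' > "$tmp/orig/notes"
    cp "$tmp/orig/factotum" "$tmp/orig/notes" "$tmp/work/"
    printf 'key proto=apop dom=x.com user=bob !password=hi\n' >> "$tmp/work/factotum"
    printf 'fresh\n' > "$tmp/work/newfile"
    changed_files "$tmp/orig" "$tmp/work" "${1:-0}"
    rm -rf "$tmp"
}

demo_changes 0
```

Running it with an argument of 1 shows the -a variant, where only the modified factotum file is reported and newfile is silently left behind in the ramfs.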
.PP
.I Aescbc
encrypts (under
.LR -e )
and decrypts (under
.LR -d )
using AES (Rijndael) in cipher block chaining (CBC) mode.
Options
.L i
and
.L n
are as per
.IR secstore ,
except that
.L i
reads from file descriptor 3.
.SH SOURCE
.B /rc/bin/ipso
.br
.B /sys/src/cmd/auth/secstore
.SH SEE ALSO
.IR factotum (4),
.IR secstore (8)
.SH BUGS
There is deliberately no backup of files on the secstore, so
.B -r
(or a disk crash) is irrevocable. You are advised to store
important secrets in a second location.
.PP
When using
.IR ipso ,
secrets will appear as plain text in the editor window,
so use the command in private.