.TH SECSTORE 1
.SH NAME
aescbc, ipso, secstore \- secstore commands
.SH SYNOPSIS
.B auth/secstore
[
.B -s
.I server
]
[
.B -(g|G)
.I getfile
]
[
.B -p
.I putfile
]
[
.B -r
.I rmfile
]
[
.B -c
]
[
.B -u
.I user
]
[
.B -v
]
[
.B -i
]
[
.B -n
]
.PP
.B auth/aescbc
-e
.I <cleartext
.I >ciphertext
.br
.B auth/aescbc
-d
.I <ciphertext
.I >cleartext
.PP
.B ipso
[
.B -a -e -l -f -s
] [
.I file
\&...
]
.SH DESCRIPTION
.PP
.I Secstore
authenticates to the server
using a password and optionally a hardware token,
then saves or retrieves a file.
This is intended to be a credentials store (public/private keypairs,
passwords, and other secrets) for a factotum.
.PP
Option
.B -p
stores a file on the secstore.
.PP
Option
.B -g
retrieves a file to the local directory;
option
.B -G
writes it to standard output instead.
Specifying
.I getfile
of . will send to standard output
a list of remote files with dates, lengths and SHA1 hashes.
.PP
Option
.B -r
removes a file from the secstore.
.PP
Option
.B -c
prompts for a password change.
.PP
Option
.B -v
produces more verbose output, in particular providing a few
bits of feedback to help the user detect mistyping.
.PP
Option
.B -i
says that the password should be read from standard input
instead of from
.BR /dev/cons .
.PP
Option
.B -n
says that the password should be read from NVRAM
(see
.IR authsrv (2))
instead of from
.BR /dev/cons .
.PP
The server is
.BR tcp!$auth!secstore ,
or the server specified by option
.BR -s .
.PP
For example, to add a secret to the file read by
.IR factotum (4)
at startup, open a new window, type
.sp
.EX
% ramfs -p; cd /tmp
% auth/secstore -g factotum
secstore password:
% echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
% auth/secstore -p factotum
secstore password:
% read -m factotum > /mnt/factotum/ctl
.EE
.PP
and delete the window.
The first line creates an ephemeral memory-resident workspace,
invisible to others and automatically removed when the window is deleted.
The next three commands fetch the persistent copy of the secrets,
append a new secret,
and save the updated file back to secstore.
The final command loads the new secret into the running factotum.
.PP
The
.I ipso
command packages this sequence into a convenient script to simplify editing of
.I files
stored on a secure store.
It copies the named
.I files
into a local
.IR ramfs (4)
and invokes
.IR acme (1)
on them. When the editor exits,
.I ipso
prompts the user to confirm copying modified or newly created files back to
.IR secstore .
If no
.I file
is mentioned,
.I ipso
grabs all the user's files from
.I secstore
for editing.
.PP
By default, ipso will edit the
.I secstore
files and, if
one of them is named
.BR factotum ,
flush current keys from factotum and load
the new ones from the file.
If the
.BR -e ,
.BR -f ,
or
.BR -l
options are given,
.I ipso
will perform only the requested operations, i.e.,
edit, flush, and/or load.
.PP
The
.B -s
option of
.I ipso
invokes
.IR sam (1)
as the editor instead of
.BR acme ;
the
.B -a
option provides a similar service for files encrypted by
.I aescbc
.RI ( q.v. ).
With the
.B -a
option, the full rooted pathname of the
.I file
must be specified and all
.I files
must be encrypted with the same key.
Also with
.BR -a ,
newly created files are ignored.
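.PP
The fetch, edit, confirm, store and flush/load sequence that ipso packages, written out as a minimal rc script. This is an added illustration, not the ipso script in /rc/bin; it assumes a Plan 9 system with auth/secstore, ramfs, acme, cmp and a running factotum mounted on /mnt/factotum, and the script name edsec is hypothetical.

```rc
#!/bin/rc
# edsec: illustrative replacement for the ipso sequence (not /rc/bin/ipso).
# Assumes auth/secstore, ramfs, acme, cmp and factotum on /mnt/factotum.
# Every auth/secstore call prompts for the secstore password on /dev/cons,
# so the password is never placed in a file or an environment variable.
if(~ $#* 0){
	echo 'usage: edsec file ...' >[1=2]
	exit usage
}
files=$*
rfork en		# private namespace and environment for this session
ramfs -p		# ephemeral /tmp; vanishes with the window, like ipso
cd /tmp
# fetch the persistent copies and keep a pristine copy of each for comparison
for(f in $files){
	auth/secstore -g $f || exit fetch
	cp $f $f^.orig
}
acme $files		# secrets are visible in the editor window; run in private
# store only files that actually changed, and only after confirmation
for(f in $files){
	if(! cmp -s $f $f^.orig){
		echo -n 'save '^$f^' back to secstore? [y/n] '
		if(~ `{read} y*){
			auth/secstore -p $f || exit put
			# a changed factotum file replaces the running keys:
			# delkey with no attributes flushes them all, then the
			# file is loaded through the ctl file as on this page
			if(~ $f factotum){
				echo delkey >/mnt/factotum/ctl
				read -m factotum >/mnt/factotum/ctl
			}
		}
	}
}
```
Unlike ipso, this version does not discover the remote file list and does not handle aescbc-encrypted files, so each file to edit must be named on the command line.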
.PP
.I Aescbc
encrypts and decrypts using AES (Rijndael) in cipher
block chaining (CBC) mode.
.SH SOURCE
.B /rc/bin/ipso
.br
.B /sys/src/cmd/auth/secstore
.SH SEE ALSO
.IR factotum (4),
.IR secstore (8)
.SH BUGS
There is deliberately no backup of files on the secstore, so
.B -r
(or a disk crash) is irrevocable. You are advised to store
important secrets in a second location.
.PP
When using
.IR ipso ,
secrets will appear as plain text in the editor window,
so use the command in private.