secstore 3.7 KB

.TH SECSTORE 1
.SH NAME
aescbc, ipso, secstore \- secstore commands
.SH SYNOPSIS
.B auth/secstore
[
.B -cinv
] [
.B -(g|G)
.I getfile
] [
.B -p
.I putfile
] [
.B -r
.I rmfile
] [
.B -s
.I server
] [
.B -u
.I user
]
.PP
.B auth/aescbc
-e
.I <cleartext
.I >ciphertext
.br
.B auth/aescbc
-d
.I <ciphertext
.I >cleartext
.PP
.B ipso
[
.B -a -e -l -f -s
] [
.I file
\&...
]
.SH DESCRIPTION
.I Secstore
authenticates to a secure-store server
using a password and optionally a hardware token,
then saves or retrieves a file.
This is intended to be a credentials store (public/private keypairs,
passwords, and other secrets) for a factotum.
.PP
Option
.B -c
prompts for a password change.
.PP
Option
.B -g
retrieves a file to the local directory;
option
.B -G
writes it to standard output instead.
Specifying
.I getfile
of
.L \&.
will send to standard output
a list of remote files with dates, lengths and SHA1 hashes.
.PP
Option
.B -i
says that the password should be read from standard input
instead of from
.BR /dev/cons .
.PP
Option
.B -n
says that the password should be read from NVRAM
(see
.IR authsrv (2))
instead of from
.BR /dev/cons .
.PP
Option
.B -p
stores a file on the secstore.
.PP
Option
.B -r
removes a file from the secstore.
.PP
The server is
.BR tcp!$auth!secstore ,
or the server specified by option
.BR -s .
.PP
Option
.B -v
produces more verbose output, in particular providing a few
bits of feedback to help the user detect a mistyped password.
.PP
For example, to add a secret to the file read by
.IR factotum (4)
at startup, open a new window, type
.LP
.EX
% ramfs -p; cd /tmp
% auth/secstore -g factotum
secstore password:
% echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
% auth/secstore -p factotum
secstore password:
% read -m factotum > /mnt/factotum/ctl
.EE
.LP
and delete the window.
The first line creates an ephemeral memory-resident workspace,
invisible to others and automatically removed when the window is deleted.
The next three commands fetch the persistent copy of the secrets,
append a new secret,
and save the updated file back to secstore.
The final command loads the new secret into the running factotum.
.PP
The
.I ipso
command packages this sequence into a convenient script to simplify editing of
.I files
stored on a secure store.
It copies the named
.I files
into a local
.IR ramfs (4)
and invokes
.IR acme (1)
on them. When the editor exits,
.I ipso
prompts the user to confirm copying modified or newly created files back to
.IR secstore .
If no
.I file
is mentioned,
.I ipso
grabs all the user's files from
.I secstore
for editing.
.PP
By default,
.I ipso
will edit the
.I secstore
files and, if
one of them is named
.BR factotum ,
flush current keys from factotum and load
the new ones from the file.
If the
.BR -e ,
.BR -f ,
or
.BR -l
options are given,
.I ipso
performs only the requested operations:
edit, flush, and/or load.
.PP
The
.B -s
option of
.I ipso
invokes
.IR sam (1)
as the editor instead of
.BR acme ;
the
.B -a
option provides a similar service for files encrypted by
.I aescbc
.RI ( q.v. ).
With the
.B -a
option, the full rooted pathname of the
.I file
must be specified and all
.I files
must be encrypted with the same key.
Also with
.BR -a ,
newly created files are ignored.
.PP
.I Aescbc
encrypts and decrypts using AES (Rijndael) in cipher
block chaining (CBC) mode.
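The following is an added example and is not the source of Plan 9's aescbc(1); it is written in Go to show what "AES in CBC mode" involves in practice for a file like the factotum key file above: a fresh random IV per file, PKCS#7 padding to the 16-byte block size, and an HMAC that is verified before decryption, because CBC on its own guarantees only confidentiality and a modified ciphertext would otherwise decrypt to silently corrupted key lines. The container layout (iv, ciphertext, tag), the passphrase-to-key derivation, and the sample key line are assumptions of this example; aescbc's real on-disk format is not reproduced.

```go
// Added example, not Plan 9's aescbc: AES-128-CBC with a passphrase-derived
// key, a random IV and an HMAC-SHA256 tag checked before decryption.
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// deriveKeys turns a passphrase into separate AES-128 and HMAC keys.
// Assumption of this example: SHA-256 with domain labels, which is not a
// slow salted KDF; a deployment would use PBKDF2, scrypt or Argon2 here.
func deriveKeys(pass string) (encKey, macKey []byte) {
	e := sha256.Sum256([]byte("aescbc-example enc:" + pass))
	m := sha256.Sum256([]byte("aescbc-example mac:" + pass))
	return e[:16], m[:]
}

// pkcs7Pad appends 1..16 bytes so the length is a multiple of the block size.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips the padding, rejecting anything malformed.
func pkcs7Unpad(b []byte) ([]byte, error) {
	if len(b) == 0 || len(b)%aes.BlockSize != 0 {
		return nil, errors.New("bad padded length")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || n > len(b) {
		return nil, errors.New("bad padding byte")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("bad padding")
		}
	}
	return b[:len(b)-n], nil
}

// Encrypt returns iv || AES-128-CBC(pad(plaintext)) || HMAC-SHA256(iv || ct).
func Encrypt(pass string, plaintext []byte) ([]byte, error) {
	encKey, macKey := deriveKeys(pass)
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, iv); err != nil { // new IV per file
		return nil, err
	}
	padded := pkcs7Pad(plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	out := append(iv, ct...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil // tag covers IV and ciphertext
}

// Decrypt verifies the tag in constant time first, then decrypts and unpads.
func Decrypt(pass string, blob []byte) ([]byte, error) {
	encKey, macKey := deriveKeys(pass)
	if len(blob) < aes.BlockSize+sha256.Size || (len(blob)-sha256.Size)%aes.BlockSize != 0 {
		return nil, errors.New("truncated or malformed container")
	}
	body, tag := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("authentication failed: wrong passphrase or tampered file")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt)
}

func main() {
	// Constructed sample key line in factotum's format, not a real credential.
	secret := []byte("key proto=apop dom=x.com user=ehg !password=hi\n")
	blob, err := Encrypt("correct horse", secret)
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt("correct horse", blob)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)
	blob[len(blob)-1] ^= 1 // flip one bit of the tag
	_, err = Decrypt("correct horse", blob)
	fmt.Println("after tamper:", err)
}
```

The order in Decrypt matters: the tag is checked over the IV and ciphertext before any block is decrypted, so neither a wrong passphrase nor a modified file ever yields padding or plaintext to an attacker.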
.SH SOURCE
.B /rc/bin/ipso
.br
.B /sys/src/cmd/auth/secstore
.SH SEE ALSO
.IR factotum (4),
.IR secstore (8)
.SH BUGS
There is deliberately no backup of files on the secstore, so
.B -r
(or a disk crash) is irrevocable. You are advised to store
important secrets in a second location.
.PP
When using
.IR ipso ,
secrets will appear as plain text in the editor window,
so use the command in private.