ホーム エクスプローラ ヘルプ
サインイン
RISCI_ATOM
/
harvey
同期ミラー https://github.com/Harvey-OS/harvey.git
1
0
フォーク 0
ファイル 課題 0 Wiki
ツリー: 5d459b5a09
ブランチ タグ
harvey
/
sys
/
man
/
1
/
secstore

secstore 2.2 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107 
  1. .TH SECSTORE 1
    2. 

  2. .SH NAME
    3. 

  3. aescbc, secstore \- secstore commands
    4. 

  4. .SH SYNOPSIS
    5. 

  5. .B auth/secstore
    6. 

  6. [-c] [-s
    7. 

  7. .I server
    8. 

  8. ] [ -(g|G)
    9. 

  9. .I getfile
    10. 

  10. ] [ -p
    11. 

  11. .I putfile
    12. 

  12. ] [ -r
    13. 

  13. .I rmfile
    14. 

  14. ] [ -u
    15. 

  15. .I user
    16. 

  16. ]
    17. 

  17. .br
    18. 

  18. .B auth/aescbc
    19. 

  19. -e
    20. 

  20. .I password
    21. 

  21. .I cleartext
    22. 

  22. .I cryptext
    23. 

  23. .br
    24. 

  24. .B auth/aescbc
    25. 

  25. -d
    26. 

  26. .I password
    27. 

  27. .I cryptext
    28. 

  28. .I cleartext
    29. 

  29. .PP
    30. 

  30. .SH DESCRIPTION
    31. 

  31. .PP
    32. 

  32. .I Secstore
    33. 

  33. authenticates to the server
    34. 

  34. using a password and optionally a hardware token,
    35. 

  35. then saves or retrieves a file.
    36. 

  36. This is intended to be a credentials store (public/private keypairs,
    37. 

  37. passwords, and other secrets) for a factotum.
    38. 

  38. .PP
    39. 

  39. Option
    40. 

  40. .B -p
    41. 

  41. stores a file on the secstore.
    42. 

  42. .PP
    43. 

  43. Option
    44. 

  44. .B -g
    45. 

  45. retrieves a file to the local directory;
    46. 

  46. option
    47. 

  47. .B -G
    48. 

  48. writes it to standard output instead.
    49. 

  49. Specifying
    50. 

  50. .I getfile
    51. 

  51. of . will send to standard output
    52. 

  52. a list of remote files with dates, lengths and SHA1 hashes.
    53. 

  53. .PP
    54. 

  54. Option
    55. 

  55. .B -r
    56. 

  56. removes a file from the secstore.
    57. 

  57. .PP
    58. 

  58. Option
    59. 

  59. .B -v
    60. 

  60. produces more verbose output, in particular providing a few
    61. 

  61. bits of feedback to help the user detect mistyping.
    62. 

  62. .PP
    63. 

  63. Option
    64. 

  64. .B -c
    65. 

  65. prompts for a password change.
    66. 

  66. .PP
    67. 

  67. The server is
    68. 

  68. .BR tcp!$auth!5356 ,
    69. 

  69. or the server specified by option
    70. 

  70. .BR -s .
    71. 

  71. .PP
    72. 

  72. For example, to add a secret to the default file read by
    73. 

  73. .IR factotum (4)
    74. 

  74. at startup, open a new window and 
    75. 

  75. .sp
    76. 

  76. .EX
    77. 

  77.   % ramfs -p; cd /tmp
    78. 

  78.   % auth/secstore -g factotum
    79. 

  79.   secstore password:
    80. 

  80.   % echo 'key proto=apop dom=x.com user=ehg !password=y~1' >> factotum
    81. 

  81.   % auth/secstore -p factotum
    82. 

  82.   secstore password:
    83. 

  83.   % read -m factotum > /mnt/factotum/ctl
    84. 

  84. .EE
    85. 

  85. and delete the window.
    86. 

  86. The first line an ephemeral memory-resident workspace,
    87. 

  87. invisible to others and automatically removed when the window is deleted.
    88. 

  88. The next three commands fetch the persistent copy of the secrets,
    89. 

  89. append a new secret,
    90. 

  90. and save the updated file back to secstore.
    91. 

  91. The final command loads the new secret into the running factotum.
    92. 

  92. .PP
    93. 

  93. .I Aescbc
    94. 

  94. encrypts and decrypts using AES (Rijndael) in cipher
    95. 

  95. block chaining (CBC) mode.  This is the file encryption
    96. 

  96. used internally by
    97. 

  97. .IR secstore .
    98. 

  98. .SH SOURCE
    99. 

  99. .B /sys/src/cmd/auth/secstore
    100. 

  100. .SH SEE ALSO
    101. 

  101. .IR factotum (4),
    102. 

  102. .IR secstore (8)
    103. 

  103. .SH BUGS
    104. 

  104. There is deliberately no backup of files on the secstore, so
    105. 

  105. .B -r
    106. 

  106. (or a disk crash) is irrevocable.  You are advised to store
    107. 

  107. important secrets in a second location.
    108.