secstore 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225
  1. .TH SECSTORE 1
  2. .SH NAME
  3. aescbc, ipso, secstore \- secstore commands
  4. .SH SYNOPSIS
  5. .B auth/secstore
  6. [
  7. .B -cinv
  8. ] [
  9. .B -(g|G)
  10. .I getfile
  11. ] [
  12. .B -p
  13. .I putfile
  14. ] [
  15. .B -r
  16. .I rmfile
  17. ] [
  18. .B -s
  19. .I server
  20. ] [
  21. .B -u
  22. .I user
  23. ]
  24. .PP
  25. .B auth/aescbc
  26. -e
  27. [ -in ]
  28. .I <cleartext
  29. .I >ciphertext
  30. .br
  31. .B auth/aescbc
  32. -d
  33. [ -in ]
  34. .I <ciphertext
  35. .I >cleartext
  36. .PP
  37. .B ipso
  38. [
  39. .B -a -e -l -f -s
  40. ] [
  41. .I file
  42. \&...
  43. ]
  44. .SH DESCRIPTION
  45. .I Secstore
  46. authenticates to a secure-store server
  47. using a password and optionally a hardware token,
  48. then saves or retrieves a file.
  49. This is intended to be a credentials store (public/private keypairs,
  50. passwords, and other secrets) for a factotum.
  51. .PP
  52. Option
  53. .B -c
  54. prompts for a password change.
  55. .PP
  56. Option
  57. .B -g
  58. retrieves a file to the local directory;
  59. option
  60. .B -G
  61. writes it to standard output instead.
  62. Specifying
  63. .I getfile
  64. of
  65. .L \&.
  66. will send to standard output
  67. a list of remote files with dates, lengths and SHA1 hashes.
  68. .PP
  69. Option
  70. .B -i
  71. says that the password should be read from standard input
  72. instead of from
  73. .BR /dev/cons .
  74. .PP
  75. Option
  76. .B -n
  77. says that the password should be read from NVRAM
  78. (see
  79. .IR authsrv (2))
  80. instead of from
  81. .BR /dev/cons .
  82. .PP
  83. Option
  84. .B -p
  85. stores a file on the secstore.
  86. .PP
  87. Option
  88. .B -r
  89. removes a file from the secstore.
  90. .PP
  91. The server is
  92. .BR tcp!$auth!secstore ,
  93. or the server specified by option
  94. .BR -s .
  95. .PP
  96. Option
  97. .B -u
  98. access the secure-store files belonging to
  99. .IR user .
  100. .PP
  101. Option
  102. .B -v
  103. produces more verbose output, in particular providing a few
  104. bits of feedback to help the user detect mistyping.
  105. .PP
  106. For example, to add a secret to the file read by
  107. .IR factotum (4)
  108. at startup, open a new window, type
  109. .LP
  110. .EX
  111. % ramfs -p; cd /tmp
  112. % auth/secstore -g factotum
  113. secstore password:
  114. % echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
  115. % auth/secstore -p factotum
  116. secstore password:
  117. % read -m factotum > /mnt/factotum/ctl
  118. .EE
  119. .LP
  120. and delete the window.
  121. The first line creates an ephemeral memory-resident workspace,
  122. invisible to others and automatically removed when the window is deleted.
  123. The next three commands fetch the persistent copy of the secrets,
  124. append a new secret,
  125. and save the updated file back to secstore.
  126. The final command loads the new secret into the running factotum.
  127. .PP
  128. The
  129. .I ipso
  130. command packages this sequence into a convenient script to simplify editing of
  131. .I files
  132. stored on a secure store.
  133. It copies the named
  134. .I files
  135. into a local
  136. .IR ramfs (4)
  137. and invokes
  138. .IR acme (1)
  139. on them. When the editor exits,
  140. .I ipso
  141. prompts the user to confirm copying modifed or newly created files back to
  142. .I secstore.
  143. If no
  144. .I file
  145. is mentioned,
  146. .I ipso
  147. grabs all the user's files from
  148. .I secstore
  149. for editing.
  150. .PP
  151. By default,
  152. .I ipso
  153. will edit the
  154. .I secstore
  155. files and, if
  156. one of them is named
  157. .BR factotum ,
  158. flush current keys from factotum and load
  159. the new ones from the file.
  160. If the
  161. .BR -e ,
  162. .BR -f ,
  163. or
  164. .BR -l
  165. options are given,
  166. .I ipso
  167. will just perform only the requested operations, i.e.,
  168. edit, flush, and/or load.
  169. .PP
  170. The
  171. .B -s
  172. option of
  173. .I ipso
  174. invokes
  175. .IR sam (1)
  176. as the editor insted of
  177. .BR acme ;
  178. the
  179. .B -a
  180. option provides a similar service for files encrypted by
  181. .I aescbc
  182. .RI ( q.v. ).
  183. With the
  184. .B -a
  185. option, the full rooted pathname of the
  186. .I file
  187. must be specified and all
  188. .I files
  189. must be encrypted with the same key.
  190. Also with
  191. .BR -a ,
  192. newly created files are ignored.
  193. .PP
  194. .I Aescbc
  195. encrypts (under
  196. .LR -e )
  197. and decrypts (under
  198. .LR -d )
  199. using AES (Rijndael) in cipher block chaining (CBC) mode.
  200. Options
  201. .L i
  202. and
  203. .L n
  204. are as per
  205. .IR secstore ,
  206. except that
  207. .L i
  208. reads from file descriptor 3.
  209. .SH SOURCE
  210. .B /rc/bin/ipso
  211. .br
  212. .B /sys/src/cmd/auth/secstore
  213. .SH SEE ALSO
  214. .IR factotum (4),
  215. .IR secstore (8)
  216. .SH BUGS
  217. There is deliberately no backup of files on the secstore, so
  218. .B -r
  219. (or a disk crash) is irrevocable. You are advised to store
  220. important secrets in a second location.
  221. .PP
  222. When using
  223. .IR ipso ,
  224. secrets will appear as plain text in the editor window,
  225. so use the command in private.