secstore(1) - Plan 9 from User Space

From 78e51a8c6678b6e3dff3d619aa786669f531f4bc Mon Sep 17 00:00:00 2001 From: rsc Date: Fri, 14 Jan 2005 03:45:44 +0000 Subject: checkpoint --- man/man1/secstore.html | 145 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 man/man1/secstore.html (limited to 'man/man1/secstore.html') diff --git a/man/man1/secstore.html b/man/man1/secstore.html new file mode 100644 index 00000000..1b9a3a89 --- /dev/null +++ b/man/man1/secstore.html @@ -0,0 +1,145 @@ + +secstore(1) - Plan 9 from User Space + + + + +

SECSTORE(1) SECSTORE(1) +

+
+

NAME
+ +
+ + aescbc, secstore, ipso – secstore commands
+ +
+

SYNOPSIS
+ +
+ + secstore [ −s server ] [ −(g|G) getfile ] [ −p putfile ] [ −r + rmfile ] [ −c ] [ −u user ] [ −v ] [ −i ] +
+ + aescbc -e <cleartext >ciphertext
+ aescbc -d <ciphertext >cleartext +
+ + ipso [ −a −e −l −f −s ] [ file ... ] +
+ + +
+

DESCRIPTION
+ +
+ + +
+ + Secstore authenticates to the server using a password and optionally + a hardware token, then saves or retrieves a file. This is intended + to be a credentials store (public/private keypairs, passwords, + and other secrets) for a factotum. +
+ + Option −p stores a file on the secstore. +
+ + Option −g retrieves a file to the local directory; option −G writes + it to standard output instead. Specifying getfile of . will send + to standard output a list of remote files with dates, lengths + and SHA1 hashes. +
+ + Option −r removes a file from the secstore. +
+ + Option −c prompts for a password change. +
+ + Option −v produces more verbose output, in particular providing + a few bits of feedback to help the user detect mistyping. +
+ + Option −i says that the password should be read from standard + input instead of from /dev/cons. +
+ + Option −n says that the password should be read from NVRAM instead + of from /dev/cons. This option is unsupported. +
+ + The server is tcp!$auth!5356, or the server specified by option + −s. +
+ + For example, to add a secret to the file read by factotum(4) at + startup, open a new window, type
+ +
+ + % ramfs −p; cd /tmp + % auth/secstore −g factotum + secstore password: + % echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum + % auth/secstore −p factotum + secstore password: + % read −m factotum > /mnt/factotum/ctl + + + + +
+ and delete the window. The first line creates an ephemeral memory-resident + workspace, invisible to others and automatically removed when + the window is deleted. The next three commands fetch the persistent + copy of the secrets, append a new secret, and save the updated + file back to secstore. The final command + loads the new secret into the running factotum. +
+ + Aescbc encrypts and decrypts using AES (Rijndael) in cipher block + chaining (CBC) mode.
+ +
+

SOURCE
+ +
+ + /usr/local/plan9/src/cmd/secstore + +
+

SEE ALSO
+ +
+ + factotum(4), Plan 9’s secstore(8)
+ +
+

BUGS
+ +
+ + There is deliberately no backup of files on the secstore, so −r + (or a disk crash) is irrevocable. You are advised to store important + secrets in a second location.
+ +
+ +

+ + +

		+
	+ + + +

+ + -- cgit v1.2.3