NAME
aescbc, secstore, ipso – secstore commands
SYNOPSIS
secstore [ −s server ] [ −(g|G) getfile ] [ −p putfile ] [ −r
rmfile ] [ −c ] [ −u user ] [ −v ] [ −i ]
aescbc -e <cleartext >ciphertext
aescbc -d <ciphertext >cleartext
ipso [ −a −e −l −f −s ] [ file ... ]
DESCRIPTION
Secstore authenticates to the server using a password and optionally
a hardware token, then saves or retrieves a file. This is intended
to be a credentials store (public/private keypairs, passwords,
and other secrets) for a factotum.
Option −p stores a file on the secstore.
Option −g retrieves a file to the local directory; option −G writes
it to standard output instead. Specifying getfile of . will send
to standard output a list of remote files with dates, lengths
and SHA1 hashes.
Option −r removes a file from the secstore.
Option −c prompts for a password change.
Option −v produces more verbose output, in particular providing
a few bits of feedback to help the user detect mistyping.
Option −i says that the password should be read from standard
input instead of from /dev/cons.
Option −n says that the password should be read from NVRAM instead
of from /dev/cons. This option is unsupported.
The server is tcp!$auth!5356, or the server specified by option
−s.
For example, to add a secret to the file read by factotum(4) at
startup, open a new window, type
    % ramfs -p; cd /tmp
    % auth/secstore -g factotum
    secstore password:
    % echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
    % auth/secstore -p factotum
    secstore password:
    % read -m factotum > /mnt/factotum/ctl
and delete the window. The first line creates an ephemeral memory-resident
workspace, invisible to others and automatically removed when
the window is deleted. The next three commands fetch the persistent
copy of the secrets, append a new secret, and save the updated
file back to secstore. The final command
loads the new secret into the running factotum.
Aescbc encrypts and decrypts using AES (Rijndael) in cipher block
chaining (CBC) mode.
SOURCE
/usr/local/plan9/src/cmd/secstore
SEE ALSO
BUGS
There is deliberately no backup of files on the secstore, so −r
(or a disk crash) is irrevocable. You are advised to store important
secrets in a second location.
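One way to keep such a second copy using only the commands on this page, as an added example that is not part of the original manual page: stream the file from secstore -G into aescbc -e and store the ciphertext elsewhere. It assumes the tools are on the path as secstore and aescbc and that aescbc asks for its key on the terminal; backup_secret and restore_secret are names invented for this sketch.

```shell
#!/bin/sh
# Added example: keep an encrypted second copy of a secstore file.
# SECSTORE and AESCBC are assumed command names; override as needed.
SECSTORE=${SECSTORE:-secstore}
AESCBC=${AESCBC:-aescbc}

# backup_secret NAME DEST
# Stream NAME from the secstore straight into aescbc so the cleartext
# never touches the local disk; replace DEST only if both steps worked.
backup_secret() {
	name=$1 dest=$2
	old_umask=$(umask)
	umask 077                      # ciphertext readable by its owner only
	tmp=$(mktemp "$dest.XXXXXX") || { umask "$old_umask"; return 1; }
	# A pipeline reports only the last command's status, so secstore's
	# exit code is carried out on fd 3. Without this, a failed fetch
	# would be encrypted as empty input and overwrite a good backup.
	fetch=$( { { "$SECSTORE" -G "$name"; echo $? >&3; } |
		"$AESCBC" -e >"$tmp" 3>&-; } 3>&1 )
	enc=$?
	if [ "$fetch" = 0 ] && [ "$enc" -eq 0 ] && [ -s "$tmp" ]; then
		mv -f "$tmp" "$dest"       # atomic when on the same filesystem
		rc=0
	else
		rm -f "$tmp"
		rc=1
	fi
	umask "$old_umask"
	return "$rc"
}

# restore_secret SRC
# Decrypt a backup to standard output, e.g. to rebuild a lost file and
# store it again with secstore -p.
restore_secret() {
	"$AESCBC" -d <"$1"
}
```

Redirect the output of restore_secret into a memory-resident workspace such as the ramfs used in the example above, so the recovered cleartext is not left on disk.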