aboutsummaryrefslogtreecommitdiff
path: root/man/man1/secstore.1
blob: 9374e390297e0d6f986376de63a390664f08a4c3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
.TH SECSTORE 1
.SH NAME
aescbc, ipso, secstore \- secstore commands
.SH SYNOPSIS
.B secstore
[
.B -s
.I server
]
[
.B -(g|G)
.I getfile
]
[
.B -p
.I putfile
]
[
.B -r
.I rmfile
]
[
.B -c
]
[
.B -u
.I user
]
[
.B -v
]
[
.B -i
]
.PP
.B aescbc
-e
.I <cleartext
.I >ciphertext
.br
.B aescbc
-d
.I <ciphertext
.I >cleartext
.PP
.B ipso
[
.B -a -e -l -f
] [
.I file
\&...
]
.SH DESCRIPTION
.PP
.I Secstore
authenticates to the server
using a password and optionally a hardware token,
then saves or retrieves a file.
This is intended to be a credentials store (public/private keypairs,
passwords, and other secrets) for a factotum.
.PP
Option
.B -p
stores a file on the secstore.
.PP
Option
.B -g
retrieves a file to the local directory;
option
.B -G
writes it to standard output instead.
Specifying
.I getfile
of . will send to standard output
a list of remote files with dates, lengths and SHA1 hashes.
.PP
Option
.B -r
removes a file from the secstore.
.PP
Option
.B -c
prompts for a password change.
.PP
Option
.B -v
produces more verbose output, in particular providing a few
bits of feedback to help the user detect mistyping.
.PP
Option
.B -i
says that the password should be read from standard input
instead of from 
.BR /dev/tty .
.PP
Option
.B -n
says that the password should be read from NVRAM
(see
.MR authsrv (3) )
instead of from
.BR /dev/tty .
.PP
The server is
.BR tcp!$auth!secstore ,
or the server specified by option
.BR -s .
.PP
For example, to add a secret to the file read by
.MR factotum (4) ,
run
.sp
.EX
  % cd somewhere-private
  % auth/secstore -g factotum
  secstore password:
  % echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
  % auth/secstore -p factotum
  secstore password:
  % cat factotum | 9p write -l factotum/ctl
.EE
.PP
and delete the window.
The middle commands fetch the persistent copy of the secrets,
append a new secret,
and save the updated file back to secstore.
The final command loads the new secret into the running factotum.
.PP
The
.I ipso
command packages this sequence into a convenient script to simplify editing of
.I files
stored on a secure store.
It copies the named
.I files
into a private directory,
plumbs them to the editor,
and waits for a line on the console
Once a line is typed,
signifying that editing is complete,
.I ipso
prompts the user to confirm copying modifed or newly created files back to
.I secstore.
If no
.I file
is mentioned,
.I ipso
grabs all the user's files from
.I secstore
for editing.
.PP
By default, ipso will edit the
.I secstore
files and, if
one of them is named
.BR factotum ,
flush current keys from factotum and load
the new ones from the file.
If the 
.BR -e ,
.BR -f ,
or
.BR -l
options are given,
.I ipso
will just perform only the requested operations, i.e.,
edit, flush, and/or load.
.PP
The
.B -a
option of
.I ipso
provides a similar service for files encrypted by
.I aescbc
.RI ( q.v. ).
With the
.B -a
option, the full rooted pathname of the
.I file
must be specified and all
.I files
must be encrypted with the same key.
Also with
.BR -a ,
newly created files are ignored.
.PP
.I Aescbc
encrypts and decrypts using AES (Rijndael) in cipher
block chaining (CBC) mode.
.SH SOURCE
.B \*9/bin/ipso
.br
.B \*9/src/cmd/auth/secstore
.SH SEE ALSO
.MR factotum (4) ,
.MR secstored (1)
.SH BUGS
There is deliberately no backup of files on the secstore, so
.B -r
(or a disk crash) is irrevocable.  You are advised to store
important secrets in a second location.
.PP
When using
.IR ipso ,
secrets will appear as plain text in the editor window,
so use the command in private.
.PP
Establishing a private directory in which to store the secret
files is difficult on Unix.
On most systems,
.I ipso
creates a mode 700 directory
.BI /tmp/ipso. user
and works there.
On Linux systems,
.I ipso
looks for a
.B tmpfs
file system; if it exists, 
.I ipso
creates the
.BI ipso. user
directory in its root
instead of
.BR /tmp .
.PP
.I Ipso
should zero the secret files before removing them.