<head>
<title>secstore(1) - Plan 9 from User Space</title>
<meta content="text/html; charset=utf-8" http-equiv=Content-Type>
</head>
<body bgcolor=#ffffff>
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr height=10><td>
<tr><td width=20><td>
<tr><td width=20><td><b>SECSTORE(1)</b><td align=right><b>SECSTORE(1)</b>
<tr><td width=20><td colspan=2>
    <br>
<p><font size=+1><b>NAME     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    aescbc, secstore, ipso &ndash; secstore commands<br>
    
</table>
<p><font size=+1><b>SYNOPSIS     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    <tt><font size=+1>secstore</font></tt> [ <tt><font size=+1>&#8722;s</font></tt> <i>server</i> ] [ <tt><font size=+1>&#8722;(g|G)</font></tt> <i>getfile</i> ] [ <tt><font size=+1>&#8722;p</font></tt> <i>putfile</i> ] [ <tt><font size=+1>&#8722;r</font></tt>
    <i>rmfile</i> ] [ <tt><font size=+1>&#8722;c</font></tt> ] [ <tt><font size=+1>&#8722;u</font></tt> <i>user</i> ] [ <tt><font size=+1>&#8722;v</font></tt> ] [ <tt><font size=+1>&#8722;i</font></tt> ] 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    <tt><font size=+1>aescbc</font></tt> -e <i>&lt;cleartext &gt;ciphertext<br>
    </i><tt><font size=+1>aescbc</font></tt> -d <i>&lt;ciphertext &gt;cleartext 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    </i>
    <tt><font size=+1>ipso</font></tt> [ <tt><font size=+1>&#8722;a &#8722;e &#8722;l &#8722;f &#8722;s</font></tt> ] [ <i>file</i> ... ] 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    
</table>
<p><font size=+1><b>DESCRIPTION     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>


<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    <i>Secstore</i> authenticates to the server using a password and optionally
    a hardware token, then saves or retrieves a file. This is intended
    to be a credentials store (public/private keypairs, passwords,
    and other secrets) for a factotum. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;p</font></tt> stores a file on the secstore. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;g</font></tt> retrieves a file to the local directory; option <tt><font size=+1>&#8722;G</font></tt> writes
    it to standard output instead. Specifying a <i>getfile</i> of <tt><font size=+1>.</font></tt> sends
    to standard output a list of the remote files with their dates, lengths
    and SHA1 hashes. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;r</font></tt> removes a file from the secstore. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;c</font></tt> prompts for a password change. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;v</font></tt> produces more verbose output, in particular providing
    a few bits of feedback to help the user detect mistyping. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;i</font></tt> says that the password should be read from standard
    input instead of from <tt><font size=+1>/dev/cons</font></tt>. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;n</font></tt> says that the password should be read from NVRAM instead
    of from <tt><font size=+1>/dev/cons</font></tt>. This option is unsupported. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    The server is <tt><font size=+1>tcp!$auth!5356</font></tt>, or the server specified by option
    <tt><font size=+1>&#8722;s</font></tt>. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    For example, to add a secret to the file read by <a href="../man4/factotum.html"><i>factotum</i>(4)</a> at
    startup, open a new window, type<br>
     
    <table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

        <tt><font size=+1>% ramfs &#8722;p; cd /tmp<br>
         % auth/secstore &#8722;g factotum<br>
         secstore password:<br>
         % echo 'key proto=apop dom=x.com user=ehg !password=hi' &gt;&gt; factotum<br>
         % auth/secstore &#8722;p factotum<br>
         secstore password:<br>
         % read &#8722;m factotum &gt; /mnt/factotum/ctl<br>
        
        <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
        </font></tt>
        
    </table>
    and delete the window. The first line creates an ephemeral memory-resident
    workspace, invisible to others and automatically removed when
    the window is deleted. The next three commands fetch the persistent
    copy of the secrets, append a new secret, and save the updated
    file back to secstore. The final command
    loads the new secret into the running factotum. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
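    The key line appended in the example above carries a secret attribute, marked by the leading ! on its name. The following check is an added example, not part of the original page or of the secstore sources: it validates such a line before it is appended to the file and returns a copy with secret values elided, suitable for a log or terminal. The function names, the rc-style quoting rules and the requirement for a proto attribute are assumptions of this example.

```python
import re

def tokenize(line):
    """Split on blanks; single quotes group text and '' is a literal quote."""
    tokens, cur, in_quote, started, i = [], [], False, False, 0
    while i < len(line):
        c = line[i]
        if in_quote and c == "'" and line[i + 1:i + 2] == "'":
            cur.append("'")               # doubled quote inside a quoted run
            i += 1
        elif c == "'":
            in_quote, started = not in_quote, True
        elif c in " \t" and not in_quote:
            if started:
                tokens.append("".join(cur))
            cur, started = [], False
        else:
            cur.append(c)
            started = True
        i += 1
    if in_quote:
        raise ValueError("unterminated quote")
    return tokens + (["".join(cur)] if started else [])

def check_key_line(line):
    """Validate one 'key attr=value ...' line; return it with secrets elided."""
    line = line.strip()
    if "\n" in line:
        raise ValueError("embedded newline would add a second line to the file")
    tokens = tokenize(line)
    if not tokens or tokens[0] != "key":
        raise ValueError("line must begin with 'key'")
    shown, names = ["key"], set()
    for pos, tok in enumerate(tokens[1:], 1):
        name, eq, value = tok.partition("=")
        if not eq or name in ("", "!"):
            # Report the position only: the token itself may hold a secret.
            raise ValueError("malformed attribute at position %d" % pos)
        names.add(name)
        if name.startswith("!"):
            shown.append(name + "?")      # never echo a secret value
        elif re.fullmatch(r"[^\s']+", value):
            shown.append(name + "=" + value)
        else:
            shown.append(name + "='" + value.replace("'", "''") + "'")
    if "proto" not in names:              # assumed policy for this example
        raise ValueError("no proto attribute")
    return " ".join(shown)
# Constructed sample: the key line from the page's own example.
SAMPLE = "key proto=apop dom=x.com user=ehg !password=hi"
```
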
    
    <i>Aescbc</i> encrypts and decrypts using AES (Rijndael) in cipher block
    chaining (CBC) mode.<br>
    
</table>
<p><font size=+1><b>SOURCE     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    <tt><font size=+1>/usr/local/plan9/src/cmd/secstore<br>
    </font></tt>
</table>
<p><font size=+1><b>SEE ALSO    </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    <a href="../man4/factotum.html"><i>factotum</i>(4)</a>, Plan 9&#8217;s <i>secstore</i>(8)<br>
    
</table>
<p><font size=+1><b>BUGS     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    There is deliberately no backup of files on the secstore, so <tt><font size=+1>&#8722;r</font></tt>
    (or a disk crash) is irrevocable. You are advised to store important
    secrets in a second location.<br>
    
</table>

<td width=20>
<tr height=20><td>
</table>
<!-- TRAILER -->
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr height=15><td width=10><td><td width=10>
<tr><td><td>
<center>
<a href="../../"><img src="../../dist/spaceglenda100.png" alt="Space Glenda" border=1></a>
</center>
</table>
<!-- TRAILER -->
</body></html>