more
This commit is contained in:
parent
6acff93f3d
commit
8e4cf69e46
1 changed files with 94 additions and 78 deletions
|
|
@ -1,6 +1,6 @@
|
||||||
.TH SECSTORE 1
|
.TH SECSTORE 1
|
||||||
.SH NAME
|
.SH NAME
|
||||||
aescbc, secstore \- secstore commands
|
aescbc, ipso, secstore \- secstore commands
|
||||||
.SH SYNOPSIS
|
.SH SYNOPSIS
|
||||||
.B secstore
|
.B secstore
|
||||||
[
|
[
|
||||||
|
|
@ -42,14 +42,14 @@ aescbc, secstore \- secstore commands
|
||||||
-d
|
-d
|
||||||
.I <ciphertext
|
.I <ciphertext
|
||||||
.I >cleartext
|
.I >cleartext
|
||||||
.\" .PP
|
.PP
|
||||||
.\" .B ipso
|
.B ipso
|
||||||
.\" [
|
[
|
||||||
.\" .B -a -e -l -f -s
|
.B -a -e -l -f
|
||||||
.\" ] [
|
] [
|
||||||
.\" .I file
|
.I file
|
||||||
.\" \&...
|
\&...
|
||||||
.\" ]
|
]
|
||||||
.SH DESCRIPTION
|
.SH DESCRIPTION
|
||||||
.PP
|
.PP
|
||||||
.I Secstore
|
.I Secstore
|
||||||
|
|
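Review bot: the synopsis now advertises exactly `-a -e -l -f` and drops the `-s` that the commented-out line listed; please confirm the ipso script's option parsing accepts precisely these four letters (no more, no fewer), since a synopsis that disagrees with the script is worse than none. The later description also gives `-a` a different contract from the other three (it changes what `file` must be, a full rooted pathname, and makes newly created files ignored), so it may be clearer to show it as its own bracketed group, e.g. `[ -a ] [ -e -l -f ]`, rather than bundling it with the edit/load/flush switches.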
@ -125,70 +125,64 @@ The middle commands fetch the persistent copy of the secrets,
|
||||||
append a new secret,
|
append a new secret,
|
||||||
and save the updated file back to secstore.
|
and save the updated file back to secstore.
|
||||||
The final command loads the new secret into the running factotum.
|
The final command loads the new secret into the running factotum.
|
||||||
.\" .PP
|
.PP
|
||||||
.\" The
|
The
|
||||||
.\" .I ipso
|
.I ipso
|
||||||
.\" command packages this sequence into a convenient script to simplify editing of
|
command packages this sequence into a convenient script to simplify editing of
|
||||||
.\" .I files
|
.I files
|
||||||
.\" stored on a secure store.
|
stored on a secure store.
|
||||||
.\" It copies the named
|
It copies the named
|
||||||
.\" .I files
|
.I files
|
||||||
.\" into a local
|
into a private directory,
|
||||||
.\" .IR ramfs (4)
|
plumbs them to the editor,
|
||||||
.\" and invokes
|
and waits for a line on the console
|
||||||
.\" .IR acme (1)
|
Once a line is typed,
|
||||||
.\" on them. When the editor exits,
|
signifying that editing is complete,
|
||||||
.\" .I ipso
|
.I ipso
|
||||||
.\" prompts the user to confirm copying modifed or newly created files back to
|
prompts the user to confirm copying modifed or newly created files back to
|
||||||
.\" .I secstore.
|
.I secstore.
|
||||||
.\" If no
|
If no
|
||||||
.\" .I file
|
.I file
|
||||||
.\" is mentioned,
|
is mentioned,
|
||||||
.\" .I ipso
|
.I ipso
|
||||||
.\" grabs all the user's files from
|
grabs all the user's files from
|
||||||
.\" .I secstore
|
.I secstore
|
||||||
.\" for editing.
|
for editing.
|
||||||
.\" .PP
|
.PP
|
||||||
.\" By default, ipso will edit the
|
By default, ipso will edit the
|
||||||
.\" .I secstore
|
.I secstore
|
||||||
.\" files and, if
|
files and, if
|
||||||
.\" one of them is named
|
one of them is named
|
||||||
.\" .BR factotum ,
|
.BR factotum ,
|
||||||
.\" flush your current keys from factotum and load
|
flush current keys from factotum and load
|
||||||
.\" the new ones from the file.
|
the new ones from the file.
|
||||||
.\" If you supply any of the
|
If the
|
||||||
.\" .BR -e ,
|
.BR -e ,
|
||||||
.\" .BR -f ,
|
.BR -f ,
|
||||||
.\" or
|
or
|
||||||
.\" .BR -l
|
.BR -l
|
||||||
.\" options,
|
options are given,
|
||||||
.\" .I ipso
|
.I ipso
|
||||||
.\" will just perform the operations you requested, i.e.,
|
will just perform only the requested operations, i.e.,
|
||||||
.\" edit, flush, and/or load.
|
edit, flush, and/or load.
|
||||||
.\" .PP
|
.PP
|
||||||
.\" The
|
The
|
||||||
.\" .B -s
|
.B -a
|
||||||
.\" option of
|
option of
|
||||||
.\" .I ipso
|
.I ipso
|
||||||
.\" invokes
|
provides a similar service for files encrypted by
|
||||||
.\" .IR sam (1)
|
.I aescbc
|
||||||
.\" as the editor insted of
|
.RI ( q.v. ).
|
||||||
.\" .BR acme ;
|
With the
|
||||||
.\" the
|
.B -a
|
||||||
.\" .B -a
|
option, the full rooted pathname of the
|
||||||
.\" option provides a similar service for files encrypted by
|
.I file
|
||||||
.\" .I aescbc
|
must be specified and all
|
||||||
.\" .RI ( q.v. ).
|
.I files
|
||||||
.\" With the
|
must be encrypted with the same key.
|
||||||
.\" .B -a
|
Also with
|
||||||
.\" option, the full rooted pathname of the
|
.BR -a ,
|
||||||
.\" .I file
|
newly created files are ignored.
|
||||||
.\" must be specified and all
|
|
||||||
.\" .I files
|
|
||||||
.\" must be encrypted with the same key.
|
|
||||||
.\" Also with
|
|
||||||
.\" .BR -a ,
|
|
||||||
.\" newly created files are ignored.
|
|
||||||
.PP
|
.PP
|
||||||
.I Aescbc
|
.I Aescbc
|
||||||
encrypts and decrypts using AES (Rijndael) in cipher
|
encrypts and decrypts using AES (Rijndael) in cipher
|
||||||
|
|
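Review bot: three wording defects in the new ipso description. `prompts the user to confirm copying modifed or newly created files` misspells modified. `and waits for a line on the console` runs straight into `Once a line is typed,`; the first sentence needs its full stop: `and waits for a line on the console.` And `will just perform only the requested operations` doubles up; keep either just or only. Separately, `into a private directory,` is the only place DESCRIPTION says where the cleartext goes while the files are plumbed to an external editor; a short cross-reference here to the per-user directory described in the paragraph this commit adds near the end (mode 700, under /tmp or a tmpfs root) would tell the reader up front that secrets are written to the file system in the clear for the duration of the edit.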
@ -203,8 +197,30 @@ There is deliberately no backup of files on the secstore, so
|
||||||
.B -r
|
.B -r
|
||||||
(or a disk crash) is irrevocable. You are advised to store
|
(or a disk crash) is irrevocable. You are advised to store
|
||||||
important secrets in a second location.
|
important secrets in a second location.
|
||||||
.\" .PP
|
.PP
|
||||||
.\" When using
|
When using
|
||||||
.\" .IR ipso ,
|
.IR ipso ,
|
||||||
.\" secrets will appear as plain text in the editor window,
|
secrets will appear as plain text in the editor window,
|
||||||
.\" so use the command in private.
|
so use the command in private.
|
||||||
|
.PP
|
||||||
|
Establishing a private directory in which to store the secret
|
||||||
|
files is difficult on Unix.
|
||||||
|
On most systems,
|
||||||
|
.I ipso
|
||||||
|
creates a mode 700 directory
|
||||||
|
.BI /tmp/ipso. user
|
||||||
|
and works there.
|
||||||
|
On Linux systems,
|
||||||
|
.I ipso
|
||||||
|
looks for a
|
||||||
|
.B tmpfs
|
||||||
|
file system; if it exists,
|
||||||
|
.I ipso
|
||||||
|
creates the
|
||||||
|
.BI ipso. user
|
||||||
|
directory in its root
|
||||||
|
instead of
|
||||||
|
.BR /tmp .
|
||||||
|
.PP
|
||||||
|
.I Ipso
|
||||||
|
should zero the secret files before removing them.
|
||||||
|
|
|
||||||
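Review bot: the added text says ipso creates a mode 700 directory at a fixed, predictable path (`/tmp/ipso.user`, or `ipso.user` in the tmpfs root) but does not say what it does if that path already exists or is not owned by the user; because the directory holds cleartext secrets, the page should state that ipso refuses to proceed in that case, or describe the ownership and mode check it performs, or say plainly that no such check exists. The closing sentence `Ipso should zero the secret files before removing them.` reads as a known shortcoming rather than documented behaviour; if it is meant as a BUGS entry, labelling it as such, and noting that this matters most on the non-tmpfs path where the files land on disk, would make the limitation unambiguous to a reader deciding whether to trust the tool on a shared machine.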