plan9port/man/man1/secstore.html

<head>
<title>secstore(1) - Plan 9 from User Space</title>
<meta content="text/html; charset=utf-8" http-equiv=Content-Type>
</head>
<body bgcolor=#ffffff>
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr height=10><td>
<tr><td width=20><td>
<tr><td width=20><td><b>SECSTORE(1)</b><td align=right><b>SECSTORE(1)</b>
<tr><td width=20><td colspan=2>
    <br>
<p><font size=+1><b>NAME     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    aescbc, secstore, ipso &ndash; secstore commands<br>
    
</table>
<p><font size=+1><b>SYNOPSIS     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    <tt><font size=+1>secstore</font></tt> [ <tt><font size=+1>&#8722;s</font></tt> <i>server</i> ] [ <tt><font size=+1>&#8722;(g|G)</font></tt> <i>getfile</i> ] [ <tt><font size=+1>&#8722;p</font></tt> <i>putfile</i> ] [ <tt><font size=+1>&#8722;r</font></tt>
    <i>rmfile</i> ] [ <tt><font size=+1>&#8722;c</font></tt> ] [ <tt><font size=+1>&#8722;u</font></tt> <i>user</i> ] [ <tt><font size=+1>&#8722;v</font></tt> ] [ <tt><font size=+1>&#8722;i</font></tt> ] 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    <tt><font size=+1>aescbc</font></tt> -e <i>&lt;cleartext &gt;ciphertext<br>
    </i><tt><font size=+1>aescbc</font></tt> -d <i>&lt;ciphertext &gt;cleartext 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    </i>
    <tt><font size=+1>ipso</font></tt> [ <tt><font size=+1>&#8722;a &#8722;e &#8722;l &#8722;f &#8722;s</font></tt> ] [ <i>file</i> ... ] 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    
</table>
<p><font size=+1><b>DESCRIPTION     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>


<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    <i>Secstore</i> authenticates to the server using a password and optionally
    a hardware token, then saves or retrieves a file. This is intended
    to be a credentials store (public/private keypairs, passwords,
    and other secrets) for a factotum. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;p</font></tt> stores a file on the secstore. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;g</font></tt> retrieves a file to the local directory; option <tt><font size=+1>&#8722;G</font></tt> writes
    it to standard output instead. Specifying <i>getfile</i> of . will send
    to standard output a list of remote files with dates, lengths
    and SHA1 hashes. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;r</font></tt> removes a file from the secstore. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;c</font></tt> prompts for a password change. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;v</font></tt> produces more verbose output, in particular providing
    a few bits of feedback to help the user detect mistyping. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;i</font></tt> says that the password should be read from standard
    input instead of from <tt><font size=+1>/dev/cons</font></tt>. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    Option <tt><font size=+1>&#8722;n</font></tt> says that the password should be read from NVRAM instead
    of from <tt><font size=+1>/dev/cons</font></tt>. This option is unsupported. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    The server is <tt><font size=+1>tcp!$auth!5356</font></tt>, or the server specified by option
    <tt><font size=+1>&#8722;s</font></tt>. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    For example, to add a secret to the file read by <a href="../man4/factotum.html"><i>factotum</i>(4)</a> at
    startup, open a new window, type<br>
     
    <table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

        <tt><font size=+1>% ramfs &#8722;p; cd /tmp<br>
         % auth/secstore &#8722;g factotum<br>
         secstore password:<br>
         % echo 'key proto=apop dom=x.com user=ehg !password=hi' &gt;&gt; factotum<br>
         % auth/secstore &#8722;p factotum<br>
         secstore password:<br>
         % read &#8722;m factotum &gt; /mnt/factotum/ctl<br>
        
        <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
        </font></tt>
        
    </table>
    and delete the window. The first line creates an ephemeral memory-resident
    workspace, invisible to others and automatically removed when
    the window is deleted. The next three commands fetch the persistent
    copy of the secrets, append a new secret, and save the updated
    file back to secstore. The final command
    loads the new secret into the running factotum. 
    <table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
    
    <i>Aescbc</i> encrypts and decrypts using AES (Rijndael) in cipher block
    chaining (CBC) mode.<br>
    
</table>
<p><font size=+1><b>SOURCE     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    <tt><font size=+1>/usr/local/plan9/src/cmd/secstore<br>
    </font></tt>
</table>
<p><font size=+1><b>SEE ALSO    </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    <a href="../man4/factotum.html"><i>factotum</i>(4)</a>, Plan 9&#8217;s <i>secstore</i>(8)<br>
    
</table>
<p><font size=+1><b>BUGS     </b></font><br>

<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>

    There is deliberately no backup of files on the secstore, so <tt><font size=+1>&#8722;r</font></tt>
    (or a disk crash) is irrevocable. You are advised to store important
    secrets in a second location.<br>
    
</table>

<td width=20>
<tr height=20><td>
</table>
<!-- TRAILER -->
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr height=15><td width=10><td><td width=10>
<tr><td><td>
<center>
<a href="../../"><img src="../../dist/spaceglenda100.png" alt="Space Glenda" border=1></a>
</center>
</table>
<!-- TRAILER -->
</body></html>