<head>
<title>secstore(1) - Plan 9 from User Space</title>
<meta content="text/html; charset=utf-8" http-equiv=Content-Type>
</head>
<body bgcolor=#ffffff>
<table border=0 cellpadding=0 cellspacing=0 width=100%>
<tr height=10><td>
<tr><td width=20><td>
<tr><td width=20><td><b>SECSTORE(1)</b><td align=right><b>SECSTORE(1)</b>
<tr><td width=20><td colspan=2>
<br>
<p><font size=+1><b>NAME </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
aescbc, secstore, ipso &ndash; secstore commands<br>
</table>
<p><font size=+1><b>SYNOPSIS </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<tt><font size=+1>secstore</font></tt> [ <tt><font size=+1>&#8722;s</font></tt> <i>server</i> ] [ <tt><font size=+1>&#8722;(g|G)</font></tt> <i>getfile</i> ] [ <tt><font size=+1>&#8722;p</font></tt> <i>putfile</i> ] [ <tt><font size=+1>&#8722;r</font></tt>
<i>rmfile</i> ] [ <tt><font size=+1>&#8722;c</font></tt> ] [ <tt><font size=+1>&#8722;u</font></tt> <i>user</i> ] [ <tt><font size=+1>&#8722;v</font></tt> ] [ <tt><font size=+1>&#8722;i</font></tt> ]
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<tt><font size=+1>aescbc</font></tt> -e <i>&lt;cleartext &gt;ciphertext<br>
</i><tt><font size=+1>aescbc</font></tt> -d <i>&lt;ciphertext &gt;cleartext
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</i>
<tt><font size=+1>ipso</font></tt> [ <tt><font size=+1>&#8722;a &#8722;e &#8722;l &#8722;f &#8722;s</font></tt> ] [ <i>file</i> ... ]
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</table>
<p><font size=+1><b>DESCRIPTION </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<i>Secstore</i> authenticates to the server using a password and optionally
a hardware token, then saves or retrieves a file. This is intended
to be a credentials store (public/private keypairs, passwords,
and other secrets) for a factotum.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
Option <tt><font size=+1>&#8722;p</font></tt> stores a file on the secstore.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
Option <tt><font size=+1>&#8722;g</font></tt> retrieves a file to the local directory; option <tt><font size=+1>&#8722;G</font></tt> writes
it to standard output instead. Specifying a <i>getfile</i> of <tt><font size=+1>.</font></tt> sends
to standard output a list of remote files with dates, lengths,
and SHA1 hashes.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
Option <tt><font size=+1>&#8722;r</font></tt> removes a file from the secstore.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
Option <tt><font size=+1>&#8722;c</font></tt> prompts for a password change.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
Option <tt><font size=+1>&#8722;v</font></tt> produces more verbose output, in particular providing
a few bits of feedback to help the user detect mistyping.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
Option <tt><font size=+1>&#8722;i</font></tt> says that the password should be read from standard
input instead of from <tt><font size=+1>/dev/cons</font></tt>.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
Option <tt><font size=+1>&#8722;n</font></tt> says that the password should be read from NVRAM instead
of from <tt><font size=+1>/dev/cons</font></tt>. This option is unsupported.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
The server is <tt><font size=+1>tcp!$auth!5356</font></tt>, or the server specified by option
<tt><font size=+1>&#8722;s</font></tt>.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
For example, to add a secret to the file read by <a href="../man4/factotum.html"><i>factotum</i>(4)</a> at
startup, open a new window, type<br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<tt><font size=+1>% ramfs -p; cd /tmp<br>
% auth/secstore -g factotum<br>
secstore password:<br>
% echo 'key proto=apop dom=x.com user=ehg !password=hi' &gt;&gt; factotum<br>
% auth/secstore -p factotum<br>
secstore password:<br>
% read -m factotum &gt; /mnt/factotum/ctl<br>
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
</font></tt>
</table>
and delete the window. The first line creates an ephemeral memory-resident
workspace, invisible to others and automatically removed when
the window is deleted. The next three commands fetch the persistent
copy of the secrets, append a new secret, and save the updated
file back to secstore. The final command
loads the new secret into the running factotum.
<table border=0 cellpadding=0 cellspacing=0><tr height=5><td></table>
<i>Aescbc</i> encrypts and decrypts using AES (Rijndael) in cipher block
chaining (CBC) mode.<br>
</table>
<p><font size=+1><b>SOURCE </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<tt><font size=+1>/usr/local/plan9/src/cmd/secstore<br>
</font></tt>
</table>
<p><font size=+1><b>SEE ALSO </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
<a href="../man4/factotum.html"><i>factotum</i>(4)</a>, Plan 9&#8217;s <i>secstore</i>(8)<br>
</table>
<p><font size=+1><b>BUGS </b></font><br>
<table border=0 cellpadding=0 cellspacing=0><tr height=2><td><tr><td width=20><td>
There is deliberately no backup of files on the secstore, so <tt><font size=+1>&#8722;r</font></tt>
(or a disk crash) is irrevocable. You are advised to store important
secrets in a second location.<br>
</table>
<td width=20>
<tr height=20><td>
</table>
</body></html>