SECSTORE(1)SECSTORE(1)
NAME
aescbc, ipso, secstore – secstore commands
SYNOPSIS
auth/secstore
[
-cinv
] [
-(g|G)
getfile
] [
-p
putfile
] [
-r
rmfile
] [
-s
server
] [
-u
user
]
auth/aescbc
-e
[ -in ]
<cleartext
>ciphertext
auth/aescbc
-d
[ -in ]
<ciphertext
>cleartext
ipso
[
-a -e -l -f -s
] [
file
...
]
DESCRIPTION
Secstore
authenticates to a secure-store server
using a password and optionally a hardware token,
then saves or retrieves a file.
This is intended to be a credentials store (public/private keypairs,
passwords, and other secrets) for a factotum.
Option
-c
prompts for a password change.
Option
-g
retrieves a file to the local directory;
option
-G
writes it to standard output instead.
Specifying
getfile
of
.
will send to standard output
a list of remote files with dates, lengths and SHA1 hashes.
Option
-i
says that the password should be read from standard input
instead of from
/dev/cons.
Option
-n
says that the password should be read from NVRAM
(see
authsrv(2))
instead of from
/dev/cons.
Option
-p
stores a file on the secstore.
Option
-r
removes a file from the secstore.
Option
-s
sets the dial string of the
secstore(8)
server. The default is contained in the
$secstore
environment variable. If the
-s
option is absent and
$secstore
is empty,
secstore(1)
will attempt to dial
tcp!$auth!secstore.
Option
-u
access the secure-store files belonging to
user.
Option
-v
produces more verbose output, in particular providing a few
bits of feedback to help the user detect mistyping.
For example, to add a secret to the file read by
factotum(4)
at startup, open a new window, type
% ramfs -p; cd /tmp
% auth/secstore -g factotum
secstore password:
% echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
% auth/secstore -p factotum
secstore password:
% read -m factotum > /mnt/factotum/ctl
and delete the window.
The first line creates an ephemeral memory-resident workspace,
invisible to others and automatically removed when the window is deleted.
The next three commands fetch the persistent copy of the secrets,
append a new secret,
and save the updated file back to secstore.
The final command loads the new secret into the running factotum.
The
ipso
command packages this sequence into a convenient script to simplify editing of
files
stored on a secure store.
It copies the named
files
into a local
ramfs(4)
and invokes
acme(1)
on them. When the editor exits,
ipso
prompts the user to confirm copying modifed or newly created files back to
secstore.
If no
file
is mentioned,
ipso
grabs all the user’s files from
secstore
for editing.
By default,
ipso
will edit the
secstore
files and, if
one of them is named
factotum,
flush current keys from factotum and load
the new ones from the file.
If the
-e,
-f,
or
-l
options are given,
ipso
will just perform only the requested operations, i.e.,
edit, flush, and/or load.
The
-s
option of
ipso
invokes
sam(1)
as the editor insted of
acme;
the
-a
option provides a similar service for files encrypted by
aescbc
(q.v.).
With the
-a
option, the full rooted pathname of the
file
must be specified and all
files
must be encrypted with the same key.
Also with
-a,
newly created files are ignored.
Aescbc
encrypts (under
-e)
and decrypts (under
-d)
using AES (Rijndael) in cipher block chaining (CBC) mode.
Options
i
and
n
are as per
secstore,
except that
i
reads from file descriptor 3.
SOURCE
/rc/bin/ipso
/sys/src/cmd/auth/secstore
SEE
factotum(4),
secstore(8)
DIAGNOSTICS
Secstore sets error status on failure but will not print an error
message when reading NVRAM or dialing the secstore server fails
unless the
-v
flag is specified.
BUGS
There is deliberately no backup of files on the secstore, so
-r
(or a disk crash) is irrevocable. You are advised to store
important secrets in a second location.
When using
ipso,
secrets will appear as plain text in the editor window,
so use the command in private.