SECSTORE man page on Plan9

Man page or keyword search:  
man Server   549 pages
apropos Keyword Search (all sections)
Output format
Plan9 logo
[printable version]

SECSTORE(1)							   SECSTORE(1)

       aescbc, ipso, secstore - secstore commands

       auth/secstore [ -cinv ] [ -(g|G) getfile ] [ -p putfile ] [ -r rmfile ]
       [ -s server ] [ -u user ]

       auth/aescbc -e [ -in ] <cleartext >ciphertext
       auth/aescbc -d [ -in ] <ciphertext >cleartext

       ipso [ -a -e -l -f -s ] [ file ...  ]

       Secstore authenticates to a secure-store server using  a	 password  and
       optionally  a  hardware token, then saves or retrieves a file.  This is
       intended to be a credentials store (public/private keypairs, passwords,
       and other secrets) for a factotum.

       Option -c prompts for a password change.

       Option  -g retrieves a file to the local directory; option -G writes it
       to standard output instead.  Specifying getfile of will send  to	 stan‐
       dard output a list of remote files with dates, lengths and SHA1 hashes.

       Option  -i  says	 that  the password should be read from standard input
       instead of from /dev/cons.

       Option -n says that the password should be read from NVRAM  (see	 auth‐
       srv(2)) instead of from /dev/cons.

       Option -p stores a file on the secstore.

       Option -r removes a file from the secstore.

       The server is tcp!$auth!secstore, or the server specified by option -s.

       Option -u accesses the secure-store files belonging to user.

       Option  -v  produces more verbose output, in particular providing a few
       bits of feedback to help the user detect mistyping.

       For example, to add a  secret  to  the  file  read  by  factotum(4)  at
       startup, open a new window, type

	 % ramfs -p; cd /tmp
	 % auth/secstore -g factotum
	 secstore password:
	 % echo 'key proto=apop user=ehg !password=hi' >> factotum
	 % auth/secstore -p factotum
	 secstore password:
	 % read -m factotum > /mnt/factotum/ctl

       and delete the window.  The first line creates an ephemeral memory-res‐
       ident workspace, invisible to others and automatically removed when the
       window  is  deleted.  The next three commands fetch the persistent copy
       of the secrets, append a new secret, and save the updated file back  to
       secstore.  The final command loads the new secret into the running fac‐

       The ipso command packages this sequence into  a	convenient  script  to
       simplify	 editing  of  files  stored  on a secure store.	 It copies the
       named files into a local ramfs(4) and invokes acme(1)  on  them.	  When
       the  editor  exits, ipso prompts the user to confirm copying modifed or
       newly created files back to secstore.  If no file  is  mentioned,  ipso
       grabs all the user's files from secstore for editing.

       By  default,  ipso  will edit the secstore files and, if one of them is
       named factotum, flush current keys from factotum and load the new  ones
       from  the file.	If the -e, -f, or -l options are given, ipso will just
       perform only the requested operations, i.e., edit, flush, and/or load.

       The -s option of ipso invokes sam(1) as the editor insted of acme;  the
       -a  option  provides  a	similar	 service for files encrypted by aescbc
       (q.v.).	With the -a option, the full rooted pathname of the file  must
       be  specified  and all files must be encrypted with the same key.  Also
       with -a, newly created files are ignored.

       Aescbc encrypts (under and decrypts  (under  using  AES	(Rijndael)  in
       cipher  block  chaining	(CBC)  mode.  Options and are as per secstore,
       except that reads from file descriptor 3.


       factotum(4), secstore(8)

       There is deliberately no backup of files on the secstore, so -r	(or  a
       disk crash) is irrevocable.  You are advised to store important secrets
       in a second location.

       When using ipso, secrets will appear as plain text in the  editor  win‐
       dow, so use the command in private.

                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server Plan9

List of man pages available for Plan9

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net