aescbc, ipso, secstore – secstore commands
secstore [ −s server ] [ −(g|G) getfile ] [ −p putfile ] [ −r rmfile ] [ −c ] [ −u user ] [ −v ] [ −i ]
aescbc -e <cleartext >ciphertext
aescbc -d <ciphertext >cleartext
ipso [ −a −e −l −f ] [ file ... ]
Secstore authenticates to the server using a password and optionally
a hardware token, then saves or retrieves a file. This is intended
to be a credentials store (public/private keypairs, passwords,
and other secrets) for a factotum.
Option −p stores a file on the secstore.
Option −g retrieves a file to the local directory; option −G writes
it to standard output instead. Specifying getfile of . will send
to standard output a list of remote files with dates, lengths
and SHA1 hashes.
Option −r removes a file from the secstore.
Option −c prompts for a password change.
Option −v produces more verbose output, in particular providing
a few bits of feedback to help the user detect mistyping.
Option −i says that the password should be read from standard
input instead of from /dev/tty.
Option −n says that the password should be read from NVRAM (see
authsrv(3)) instead of from /dev/tty.
The server is tcp!$auth!secstore, or the server specified by option −s.
For example, to add a secret to the file read by factotum(4),

    % cd somewhere−private
    % auth/secstore −g factotum
    % echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
    % auth/secstore −p factotum
    % cat factotum | 9p write −l factotum/ctl

and delete the window. The middle commands fetch the persistent
copy of the secrets, append a new secret, and save the updated
file back to secstore. The final command loads the new secret
into the running factotum.
The ipso command packages this sequence into a convenient script
to simplify editing of files stored on a secure store. It copies
the named files into a private directory, plumbs them to the editor,
and waits for a line on the console. Once a line is typed, signifying
that editing is complete, ipso prompts the user to confirm copying
modified or newly created files back to secstore. If no file is
mentioned, ipso grabs all the user’s files from secstore for editing.
By default, ipso will edit the secstore files and, if one of them
is named factotum, flush current keys from factotum and load the
new ones from the file. If the −e, −f, or −l options are given,
ipso will perform only the requested operations, i.e., edit,
flush, and/or load.
The −a option of ipso provides a similar service for files encrypted
by aescbc (q.v.). With the −a option, the full rooted pathname
of the file must be specified and all files must be encrypted
with the same key. Also with −a, newly created files are ignored.
Aescbc encrypts and decrypts using AES (Rijndael) in cipher block
chaining (CBC) mode.
There is deliberately no backup of files on the secstore, so −r
(or a disk crash) is irrevocable. You are advised to store important
secrets in a second location.
When using ipso, secrets will appear as plain text in the editor
window, so use the command in private.
Establishing a private directory in which to store the secret
files is difficult on Unix. On most systems, ipso creates a mode
700 directory /tmp/ipso.user and works there. On Linux systems,
ipso looks for a tmpfs file system; if it exists, ipso creates
the ipso.user directory in its root instead of /tmp.
Ipso should zero the secret files before removing them.
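The private-directory selection and the missing zeroing step described above, as an added shell example that is not part of secstore or ipso. The function names ipso_tmpfs_root, ipso_workdir, ipso_scrub and ipso_cleanup are assumed here; tmpfs detection reads /proc/mounts, so on systems without it (or without a writable tmpfs) the code falls back to /tmp exactly as the text describes for non-Linux hosts, and the in-place zeroing is best-effort on copy-on-write or journaled file systems, where the old blocks may survive.

```sh
#!/bin/sh
# Added example, not ipso's own code. Reproduces the man page's choice of a
# mode-700 working directory (tmpfs root on Linux, else /tmp) and adds the
# zero-before-remove step the BUGS note asks for.

# Print the mount point of the first tmpfs listed in /proc/mounts, or nothing.
# /proc/mounts lines look like: "tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0"
ipso_tmpfs_root() {
    [ -r /proc/mounts ] || return 0
    awk '$3 == "tmpfs" { print $2; exit }' /proc/mounts
}

# Create <root>/ipso.<user> with mode 700 and print its path.
# Refuses to proceed if the path exists but is not a directory.
ipso_workdir() {
    user=${1:-${USER:-$(id -un)}}
    root=$(ipso_tmpfs_root)
    [ -n "$root" ] && [ -w "$root" ] || root=/tmp
    dir="$root/ipso.$user"
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "ipso_workdir: $dir exists and is not a directory" >&2
        return 1
    fi
    mkdir -p -m 700 "$dir" || return 1
    chmod 700 "$dir"   # -m is not applied when the directory already existed
    echo "$dir"
}

# Overwrite a secret file with zeros, in place, before unlinking it, so a
# plain rm does not leave the cleartext behind on the medium.
ipso_scrub() {
    f=$1
    [ -f "$f" ] || return 0
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -gt 0 ]; then
        dd if=/dev/zero of="$f" bs="$size" count=1 conv=notrunc 2>/dev/null
    fi
    rm -f "$f"
}

# Scrub every file in the working directory, then remove the directory.
ipso_cleanup() {
    dir=$1
    for f in "$dir"/*; do
        [ -e "$f" ] && ipso_scrub "$f"
    done
    rmdir "$dir"
}
```

A script built on these would call ipso_workdir once, fetch the secstore files into the returned directory, hand them to the editor, copy the results back, and finish with ipso_cleanup so nothing readable is left in /tmp or on the tmpfs.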