commit 8e4cf69e46dd53a3c63aed3c24c9659472ca363a from: rsc date: Sun Feb 13 22:19:39 2005 UTC more commit - 6acff93f3df9e47a0b4b05804e08d67f478b4e91 commit + 8e4cf69e46dd53a3c63aed3c24c9659472ca363a blob - 04b29d348793f3498c7c45b69b82b6fa117a804a blob + ee35fb60b991337fa9195f315e0b67e81c5dbc87 --- man/man1/secstore.1 +++ man/man1/secstore.1 @@ -1,6 +1,6 @@ .TH SECSTORE 1 .SH NAME -aescbc, secstore \- secstore commands +aescbc, ipso, secstore \- secstore commands .SH SYNOPSIS .B secstore [ @@ -42,14 +42,14 @@ aescbc, secstore \- secstore commands -d .I cleartext -.\" .PP -.\" .B ipso -.\" [ -.\" .B -a -e -l -f -s -.\" ] [ -.\" .I file -.\" \&... -.\" ] +.PP +.B ipso +[ +.B -a -e -l -f +] [ +.I file +\&... +] .SH DESCRIPTION .PP .I Secstore 
@@ -125,71 +125,65 @@ The middle commands fetch the persistent copy of the s append a new secret, and save the updated file back to secstore. The final command loads the new secret into the running factotum. -.\" .PP -.\" The -.\" .I ipso -.\" command packages this sequence into a convenient script to simplify editing of -.\" .I files -.\" stored on a secure store. -.\" It copies the named -.\" .I files -.\" into a local -.\" .IR ramfs (4) -.\" and invokes -.\" .IR acme (1) -.\" on them. When the editor exits, -.\" .I ipso -.\" prompts the user to confirm copying modifed or newly created files back to -.\" .I secstore. -.\" If no -.\" .I file -.\" is mentioned, -.\" .I ipso -.\" grabs all the user's files from -.\" .I secstore -.\" for editing. -.\" .PP -.\" By default, ipso will edit the -.\" .I secstore -.\" files and, if -.\" one of them is named -.\" .BR factotum , -.\" flush your current keys from factotum and load -.\" the new ones from the file. -.\" If you supply any of the -.\" .BR -e , -.\" .BR -f , -.\" or -.\" .BR -l -.\" options, -.\" .I ipso -.\" will just perform the operations you requested, i.e., -.\" edit, flush, and/or load. -.\" .PP -.\" The -.\" .B -s -.\" option of -.\" .I ipso -.\" invokes -.\" .IR sam (1) -.\" as the editor insted of -.\" .BR acme ; -.\" the -.\" .B -a -.\" option provides a similar service for files encrypted by -.\" .I aescbc -.\" .RI ( q.v. ). -.\" With the -.\" .B -a -.\" option, the full rooted pathname of the -.\" .I file -.\" must be specified and all -.\" .I files -.\" must be encrypted with the same key. -.\" Also with -.\" .BR -a , -.\" newly created files are ignored. .PP +The +.I ipso +command packages this sequence into a convenient script to simplify editing of +.I files +stored on a secure store. 
+It copies the named +.I files +into a private directory, +plumbs them to the editor, +and waits for a line on the console +Once a line is typed, +signifying that editing is complete, +.I ipso +prompts the user to confirm copying modifed or newly created files back to +.I secstore. +If no +.I file +is mentioned, +.I ipso +grabs all the user's files from +.I secstore +for editing. +.PP +By default, ipso will edit the +.I secstore +files and, if +one of them is named +.BR factotum , +flush current keys from factotum and load +the new ones from the file. +If the +.BR -e , +.BR -f , +or +.BR -l +options are given, +.I ipso +will just perform only the requested operations, i.e., +edit, flush, and/or load. +.PP +The +.B -a +option of +.I ipso +provides a similar service for files encrypted by +.I aescbc +.RI ( q.v. ). +With the +.B -a +option, the full rooted pathname of the +.I file +must be specified and all +.I files +must be encrypted with the same key. +Also with +.BR -a , +newly created files are ignored. +.PP .I Aescbc encrypts and decrypts using AES (Rijndael) in cipher block chaining (CBC) mode. @@ -203,8 +197,30 @@ There is deliberately no backup of files on the secsto .B -r (or a disk crash) is irrevocable. You are advised to store important secrets in a second location. -.\" .PP -.\" When using -.\" .IR ipso , -.\" secrets will appear as plain text in the editor window, -.\" so use the command in private. +.PP +When using +.IR ipso , +secrets will appear as plain text in the editor window, +so use the command in private. +.PP +Establishing a private directory in which to store the secret +files is difficult on Unix. +On most systems, +.I ipso +creates a mode 700 directory +.BI /tmp/ipso. user +and works there. +On Linux systems, +.I ipso +looks for a +.B tmpfs +file system; if it exists, +.I ipso +creates the +.BI ipso. user +directory in its root +instead of +.BR /tmp . +.PP +.I Ipso +should zero the secret files before removing them.
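Review bot: In the first hunk the new SYNOPSIS lists the ipso options as the single group `-a -e -l -f`, while the DESCRIPTION added in the second hunk introduces them as `-e`, `-f`, `-l` and then `-a`; the former commented-out synopsis also carried `-s`, which has been dropped along with its sam(1) paragraph, so that part is consistent. Consider ordering the synopsis group to match the description (`-a -e -f -l`) so a reader scanning from one to the other finds the same sequence.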
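Review bot: The second hunk has a missing sentence break and two wording slips in the restored ipso text. "and waits for a line on the console" runs straight into "Once a line is typed," with no full stop, so the two sentences read as one. "modifed" (in "copying modifed or newly created files") is misspelled, inherited from the commented-out version. And "will just perform only the requested operations" doubles up "just" and "only"; one of them should go. The paragraph also now says files are "plumbed to the editor" rather than opened in acme(1) as the old text did, which is fine, but the third hunk's warning still speaks of "the editor window"; that still holds for any plumbed editor, so no change needed there, just noting the two hunks were checked against each other.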
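Review bot: The third hunk documents that ipso "creates a mode 700 directory /tmp/ipso.user" but does not say what happens when a directory of that name already exists or is not owned by the invoking user, which is the case a reader of a secrets-handling tool most needs to know; the man page should state whether ipso refuses to proceed or reuses the directory. The tmpfs paragraph says Linux systems use a tmpfs root "instead of /tmp" without giving the reason, presumably to keep decrypted secrets off persistent storage; one clause saying so would make the choice understandable. Finally, "Ipso should zero the secret files before removing them" describes a deficiency rather than behaviour, so it belongs under a BUGS section in the usual manual-page convention rather than at the end of DESCRIPTION, where it reads as if it were a feature.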