SECSTORE(1)                                           SECSTORE(1)

     NAME
          aescbc, ipso, secstore - secstore commands

     SYNOPSIS
          secstore [ -s server ] [ -(g|G) getfile ] [ -p putfile ] [
          -r rmfile ] [ -c ] [ -u user ] [ -v ] [ -i ]

          aescbc -e <cleartext >ciphertext
          aescbc -d <ciphertext >cleartext

          ipso [ -a -e -l -f ] [ file ...  ]

     DESCRIPTION
          Secstore authenticates to the server using a password and
          optionally a hardware token, then saves or retrieves a file.
          This is intended to be a credentials store (public/private
          keypairs, passwords, and other secrets) for a factotum.

          Option -p stores a file on the secstore.

          Option -g retrieves a file to the local directory; option -G
          writes it to standard output instead.  Specifying getfile of
          . will send to standard output a list of remote files with
          dates, lengths and SHA1 hashes.

          Option -r removes a file from the secstore.

          Option -c prompts for a password change.

          Option -v produces more verbose output, in particular pro-
          viding a few bits of feedback to help the user detect
          mistyping.

          Option -i says that the password should be read from stan-
          dard input instead of from /dev/tty.

          Option -n says that the password should be read from NVRAM
          (see authsrv(3)) instead of from /dev/tty.

          The server is tcp!$auth!secstore, or the server specified by
          option -s.

          For example, to add a secret to the file read by
          factotum(4), run

            % cd somewhere-private
            % auth/secstore -g factotum
            secstore password:
            % echo 'key proto=apop dom=x.com user=ehg !password=hi' >> factotum
            % auth/secstore -p factotum

     SECSTORE(1)                                           SECSTORE(1)

            secstore password:
            % cat factotum | 9p write -l factotum/ctl

          and delete the window.  The middle commands fetch the per-
          sistent copy of the secrets, append a new secret, and save
          the updated file back to secstore.  The final command loads
          the new secret into the running factotum.

          The ipso command packages this sequence into a convenient
          script to simplify editing of files stored on a secure
          store.  It copies the named files into a private directory,
          plumbs them to the editor, and waits for a line on the con-
          sole Once a line is typed, signifying that editing is com-
          plete, ipso prompts the user to confirm copying modifed or
          newly created files back to secstore. If no file is men-
          tioned, ipso grabs all the user's files from secstore for
          editing.

          By default, ipso will edit the secstore files and, if one of
          them is named factotum, flush current keys from factotum and
          load the new ones from the file.  If the -e, -f, or -l
          options are given, ipso will just perform only the requested
          operations, i.e., edit, flush, and/or load.

          The -a option of ipso provides a similar service for files
          encrypted by aescbc (q.v.).  With the -a option, the full
          rooted pathname of the file must be specified and all files
          must be encrypted with the same key.  Also with -a, newly
          created files are ignored.

          Aescbc encrypts and decrypts using AES (Rijndael) in cipher
          block chaining (CBC) mode.

     SOURCE
          /bin/ipso
          /src/cmd/auth/secstore

     SEE ALSO
          factotum(4), secstored(1)

     BUGS
          There is deliberately no backup of files on the secstore, so
          -r (or a disk crash) is irrevocable.  You are advised to
          store important secrets in a second location.

          When using ipso, secrets will appear as plain text in the
          editor window, so use the command in private.

          Establishing a private directory in which to store the
          secret files is difficult on Unix.  On most systems, ipso
          creates a mode 700 directory /tmp/ipso.user and works there.
          On Linux systems, ipso looks for a tmpfs file system; if it

     SECSTORE(1)                                           SECSTORE(1)

          exists, ipso creates the ipso.user directory in its root
          instead of /tmp.

          Ipso should zero the secret files before removing them.