SECSTORE(1)                                           SECSTORE(1)

          aescbc, ipso, secstore - secstore commands

          auth/secstore [ -cinv ] [ -(g|G) getfile ] [ -p putfile ] [
          -r rmfile ] [ -s server ] [ -u user ]

          auth/aescbc -e [ -in ] <cleartext >ciphertext
          auth/aescbc -d [ -in ] <ciphertext >cleartext

          ipso [ -a -e -l -f -s ] [ file ...  ]

          Secstore authenticates to a secure-store server using a
          password and optionally a hardware token, then saves or
          retrieves a file.  This is intended to be a credentials
          store (public/private keypairs, passwords, and other
          secrets) for a factotum.

          Option -c prompts for a password change.

          Option -g retrieves a file to the local directory; option -G
          writes it to standard output instead.  Specifying getfile of
          `.'  will send to standard output a list of remote files
          with dates, lengths and SHA1 hashes.

          Option -i says that the password should be read from stan-
          dard input instead of from /dev/cons.

          Option -n says that the password should be read from NVRAM
          (see authsrv(2)) instead of from /dev/cons.

          Option -p stores a file on the secstore.

          Option -r removes a file from the secstore.

          Option -s sets the dial string of the secstore(8) server.
          The default is contained in the $secstore environment vari-
          able. If the -s option is absent and $secstore is empty,
          secstore(1) will attempt to dial tcp!$auth!secstore.

          Option -u access the secure-store files belonging to user.

          Option -v produces more verbose output, in particular pro-
          viding a few bits of feedback to help the user detect

          For example, to add a secret to the file read by factotum(4)
          at startup, open a new window, type

     Page 1                       Plan 9             (printed 7/22/24)

     SECSTORE(1)                                           SECSTORE(1)

            % ramfs -p; cd /tmp
            % auth/secstore -g factotum
            secstore password:
            % echo 'key proto=apop user=ehg !password=hi' >> factotum
            % auth/secstore -p factotum
            secstore password:
            % read -m factotum > /mnt/factotum/ctl

          and delete the window.  The first line creates an ephemeral
          memory-resident workspace, invisible to others and automati-
          cally removed when the window is deleted.  The next three
          commands fetch the persistent copy of the secrets, append a
          new secret, and save the updated file back to secstore.  The
          final command loads the new secret into the running facto-

          The ipso command packages this sequence into a convenient
          script to simplify editing of files stored on a secure
          store.  It copies the named files into a local ramfs(4) and
          invokes acme(1) on them.  When the editor exits, ipso
          prompts the user to confirm copying modifed or newly created
          files back to secstore. If no file is mentioned, ipso grabs
          all the user's files from secstore for editing.

          By default, ipso will edit the secstore files and, if one of
          them is named factotum, flush current keys from factotum and
          load the new ones from the file.  If the -e, -f, or -l
          options are given, ipso will just perform only the requested
          operations, i.e., edit, flush, and/or load.

          The -s option of ipso invokes sam(1) as the editor insted of
          acme; the -a option provides a similar service for files
          encrypted by aescbc (q.v.).  With the -a option, the full
          rooted pathname of the file must be specified and all files
          must be encrypted with the same key.  Also with -a, newly
          created files are ignored.

          Aescbc encrypts (under `-e') and decrypts (under `-d') using
          AES (Rijndael) in cipher block chaining (CBC) mode.  Options
          `i' and `n' are as per secstore, except that `i' reads from
          file descriptor 3.


          factotum(4), secstore(8)

          Secstore sets error status on failure but will not print an
          error message when reading NVRAM or dialing the secstore

     Page 2                       Plan 9             (printed 7/22/24)

     SECSTORE(1)                                           SECSTORE(1)

          server fails unless the -v flag is specified.

          There is deliberately no backup of files on the secstore, so
          -r (or a disk crash) is irrevocable.  You are advised to
          store important secrets in a second location.

          When using ipso, secrets will appear as plain text in the
          editor window, so use the command in private.

     Page 3                       Plan 9             (printed 7/22/24)