diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2013-11-26 17:18:57 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2013-11-26 17:18:57 -0200 |
commit | ef46233be5016435ada01b36d3d9fe27f1097e3b (patch) | |
tree | 25c8edec8ff092348317ac3a038f4941ac7acef4 /share/man | |
parent | cc7f823348eb24802cd85232cdbcdc8b1ab070e0 (diff) | |
parent | 5f1590e0722ee5ee9fed2ccc43adfb88f00218fd (diff) | |
download | keyringer-ef46233be5016435ada01b36d3d9fe27f1097e3b.tar.gz keyringer-ef46233be5016435ada01b36d3d9fe27f1097e3b.tar.bz2 |
Merge tag 'upstream_keyringer_0.2.9' into debian
Upstream version 0.2.9
Diffstat (limited to 'share/man')
-rw-r--r-- | share/man/keyringer.1 | 79 | ||||
-rw-r--r-- | share/man/keyringer.1.mdwn | 18 |
2 files changed, 62 insertions, 35 deletions
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index c3fbc54..c0fed1c 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -59,6 +59,14 @@ Like the git wrapper, this is a wrapper around the \f[I]LS(1)\f[] command. .RS .RE +.TP +.B tree <\f[I]path\f[]> +List contents from the toplevel repository \f[I]keys\f[] folder or from +relative paths if \f[I]path\f[] is specified using a tree-like format. +Like the ls wrapper, this is a wrapper around the \f[I]TREE(1)\f[] +command. +.RS +.RE .SH SECRET MANIPULATION ACTIONS .PP All secret manipulation actions operate upon a \f[I]secret\f[] which is @@ -102,6 +110,11 @@ Git history.\f[] To completely remove a file from a keyring, you should also rewrite the Git history yourself. .RE .TP +.B rm <\f[I]secret\f[]> +Alias for \f[I]del\f[] action. +.RS +.RE +.TP .B edit <\f[I]secret\f[]> Edit a secret by temporarily decrypting it, opening the decrypted copy into the text editor defined by the \f[I]$EDITOR\f[] environment @@ -113,11 +126,15 @@ variable and then re-encrypting it. Encrypts content from standard input or \f[I]file\f[] into \f[I]secret\f[] pathname. No spaces are supported in the \f[I]secret\f[] name. +If \f[I]file\f[] is actually a folder, keyringer will recursivelly +encrypt all it\[aq]s contents. .RS .RE .TP -.B encrypt-batch <\f[I]secret\f[]> +.B encrypt-batch <\f[I]secret\f[]> [\f[I]file\f[]] Encrypt content, batch mode. +Behavior is identical to \f[I]encrypt\f[] action, but less verbose. +Useful inside scripts. .RS .RE .TP @@ -193,41 +210,41 @@ aliases. .PP Keyringer uses a default recipients file, but specifying a custom \f[I]recipients-file\f[] pathname will override this default. +.PP For instance, if a user encrypts a secret to a file in the keyring repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients-file\f[] under \f[I]accounting\f[] will be used. Encrypting a secret into \f[I]accounting/bank-accounts\f[] will result -in a file +in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[] +encrypted using the public keys listed in the config +file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[]. +.PP +Each line in a recipients file has entries in the format +\[aq]john\@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq], where +\f[I]john\@doe.com\f[] is an alias for the GPG public key whose +fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[] +.PP +All lines starting with the hash (#) character are interpreted as +comments. +.PP +Parameters to the \f[I]recipients\f[] action are: +.TP +.B \f[I]ls\f[] +List all existing recipients files. +.RS .RE +.TP +.B \f[I]edit\f[] +Create or edit a recipients file. +.RS .PP -\f[C]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[] encrypted -using the public keys listed in the config -file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[]. -.IP -.nf -\f[C] -Each\ line\ in\ a\ recipients\ file\ has\ entries\ in\ the\ format -\[aq]john\@doe.com\ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq],\ where\ *john\@doe.com* -is\ an\ alias\ for\ the\ GPG\ public\ key\ whose\ fingerprint\ is -*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.* - -All\ lines\ starting\ with\ the\ hash\ (#)\ character\ are\ interpreted\ as\ comments. - -Parameters\ to\ the\ *recipients*\ action\ are: - -\ \ *ls* -\ \ :\ \ \ List\ all\ existing\ recipients\ files. - -\ \ *edit* -\ \ :\ \ \ Create\ or\ edit\ a\ recipients\ file. - -\ \ \ \ \ \ Editing\ happens\ using\ the\ editor\ specified\ by\ the\ `$EDITOR` -\ \ \ \ \ \ environment\ variable. - -\ \ \ \ \ \ The\ required\ parameter\ *recipients-file*\ is\ interpreted\ relative -\ \ \ \ \ \ to\ the\ `$KEYRING_FOLDER/config/recipients/`\ folder. -\f[] -.fi +Editing happens using the editor specified by the \f[C]$EDITOR\f[] +environment variable. +.PP +The required parameter \f[I]recipients-file\f[] is interpreted relative +to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder. +.RE +.RE .SH FILES .PP $HOME/.keyringer/config : User\[aq]s main configuration file used to map @@ -246,7 +263,7 @@ Metadata is not encrypted, meaning that an attacker with access to a keyringer repository can discover all public key IDs used for encryption, and which secrets are encrypted to which keys. This can be improved in the future by encrypting the repository -configuration with support for the \f[I]--hidden-recipient\f[] GnuPG +configuration with support for the \f[I]\-\-hidden-recipient\f[] GnuPG option. .IP "2." 3 History is not rewritten by default when secrets are removed from a diff --git a/share/man/keyringer.1.mdwn b/share/man/keyringer.1.mdwn index ee035e3..d4b71e3 100644 --- a/share/man/keyringer.1.mdwn +++ b/share/man/keyringer.1.mdwn @@ -56,6 +56,11 @@ ls <*path*> if *path* is specified. Like the git wrapper, this is a wrapper around the *LS(1)* command. +tree <*path*> +: List contents from the toplevel repository *keys* folder or from relative paths + if *path* is specified using a tree-like format. Like the ls wrapper, this is a + wrapper around the *TREE(1)* command. + # SECRET MANIPULATION ACTIONS All secret manipulation actions operate upon a *secret* which is the pathname @@ -88,16 +93,21 @@ del <*secret*> To completely remove a file from a keyring, you should also rewrite the Git history yourself. +rm <*secret*> +: Alias for *del* action. + edit <*secret*> : Edit a secret by temporarily decrypting it, opening the decrypted copy into the text editor defined by the *$EDITOR* environment variable and then re-encrypting it. encrypt <*secret*> [*file*] : Encrypts content from standard input or *file* into *secret* pathname. No spaces - are supported in the *secret* name. + are supported in the *secret* name. If *file* is actually a folder, keyringer + will recursivelly encrypt all it's contents. -encrypt-batch <*secret*> -: Encrypt content, batch mode. +encrypt-batch <*secret*> [*file*] +: Encrypt content, batch mode. Behavior is identical to *encrypt* action, but less + verbose. Useful inside scripts. genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*] : Wrapper to generate encryption key-pairs, useful for automated key deployment. @@ -153,7 +163,7 @@ recipients <*ls*|*edit*> <*recipients-file*> For instance, if a user encrypts a secret to a file in the keyring repository's *accounting* folder, a *recipients-file* under *accounting* will be used. Encrypting a secret into *accounting/bank-accounts* will result in a file - `$KEYRING_FOLDER/keys/accounting/bank-accounts.asc` encrypted using the public + `$KEYRING_FOLDER/keys/accounting/bank-accounts.asc` encrypted using the public keys listed in the config file`$KEYRING_FOLDER/config/recipients/accounting`. Each line in a recipients file has entries in the format |