summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xkeyringer2
-rw-r--r--share/man/keyringer.154
2 files changed, 30 insertions, 26 deletions
diff --git a/keyringer b/keyringer
index 4c3570d..8c1faf2 100755
--- a/keyringer
+++ b/keyringer
@@ -140,7 +140,7 @@ function keyringer_dispatch {
# Config
NAME="keyringer"
-KEYRINGER_VERSION="0.5.5"
+KEYRINGER_VERSION="0.5.6"
CONFIG_VERSION="0.1"
CONFIG_BASE="$HOME/.$NAME"
CONFIG="$CONFIG_BASE/config"
diff --git a/share/man/keyringer.1 b/share/man/keyringer.1
index 16cceb7..def8c38 100644
--- a/share/man/keyringer.1
+++ b/share/man/keyringer.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pandoc 1.17.2
+.\" Automatically generated by Pandoc 2.2.1
.\"
.TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" ""
.hy
@@ -7,7 +7,7 @@
keyringer \- encrypted and distributed secret sharing software
.SH SYNOPSIS
.PP
-keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]...
+keyringer <\f[I]keyring\f[]> <\f[I]action\f[]> [\f[I]options\f[]]\&...
.SH DESCRIPTION
.PP
Keyringer lets you manage and share secrets using GnuPG and Git in a
@@ -66,7 +66,7 @@ applied in the keyring repository.
.RE
.TP
.B commit [\f[I]arguments\f[]]
-Alias to "git commit".
+Alias to \[lq]git commit\[rq].
.RS
.RE
.TP
@@ -102,7 +102,7 @@ where all other actions can be called and are operated from the current
selected keyring.
.RS
.PP
-An additional "cd" internal command is available for directory
+An additional \[lq]cd\[rq] internal command is available for directory
navigation.
.PP
All <\f[I]secret\f[]> parameters from actions invoked from the shell are
@@ -189,8 +189,8 @@ variable and then re\-encrypting it.
.RS
.PP
Please make sure to use an
-\f[I]\f[I]E\f[]\f[I]D\f[]\f[I]I\f[]\f[I]T\f[]\f[I]O\f[]\f[I]R\f[] * \f[I]w\f[]\f[I]h\f[]\f[I]i\f[]\f[I]c\f[]\f[I]h\f[]\f[I]d\f[]\f[I]o\f[]\f[I]e\f[]\f[I]s\f[]\f[I]n\f[]\f[I]o\f[]\f[I]t\f[]\f[I]l\f[]\f[I]e\f[]\f[I]a\f[]\f[I]k\f[]\f[I]d\f[]\f[I]a\f[]\f[I]t\f[]\f[I]a\f[]\f[I]l\f[]\f[I]i\f[]\f[I]k\f[]\f[I]e\f[]\f[I]h\f[]\f[I]i\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]r\f[]\f[I]y\f[]\f[I]b\f[]\f[I]u\f[]\f[I]f\f[]\f[I]f\f[]\f[I]e\f[]\f[I]r\f[]\f[I]s\f[].\f[I]K\f[]\f[I]e\f[]\f[I]y\f[]\f[I]r\f[]\f[I]i\f[]\f[I]n\f[]\f[I]g\f[]\f[I]e\f[]\f[I]r\f[]\f[I]t\f[]\f[I]r\f[]\f[I]i\f[]\f[I]e\f[]\f[I]s\f[]\f[I]t\f[]\f[I]o\f[]\f[I]d\f[]\f[I]e\f[]\f[I]t\f[]\f[I]e\f[]\f[I]c\f[]\f[I]t\f[]\f[I]i\f[]\f[I]f\f[]*EDITOR\f[]
-is set to VIM and disables the \f[I]\&.viminfo\f[] file.
+\f[I]\f[]E\f[I]\f[]D\f[I]\f[]I\f[I]\f[]T\f[I]\f[]O\f[I]\f[]R\f[I] * \f[]w\f[I]\f[]h\f[I]\f[]i\f[I]\f[]c\f[I]\f[]h\f[I]\f[]d\f[I]\f[]o\f[I]\f[]e\f[I]\f[]s\f[I]\f[]n\f[I]\f[]o\f[I]\f[]t\f[I]\f[]l\f[I]\f[]e\f[I]\f[]a\f[I]\f[]k\f[I]\f[]d\f[I]\f[]a\f[I]\f[]t\f[I]\f[]a\f[I]\f[]l\f[I]\f[]i\f[I]\f[]k\f[I]\f[]e\f[I]\f[]h\f[I]\f[]i\f[I]\f[]s\f[I]\f[]t\f[I]\f[]o\f[I]\f[]r\f[I]\f[]y\f[I]\f[]b\f[I]\f[]u\f[I]\f[]f\f[I]\f[]f\f[I]\f[]e\f[I]\f[]r\f[I]\f[]s\f[I].\f[]K\f[I]\f[]e\f[I]\f[]y\f[I]\f[]r\f[I]\f[]i\f[I]\f[]n\f[I]\f[]g\f[I]\f[]e\f[I]\f[]r\f[I]\f[]t\f[I]\f[]r\f[I]\f[]i\f[I]\f[]e\f[I]\f[]s\f[I]\f[]t\f[I]\f[]o\f[I]\f[]d\f[I]\f[]e\f[I]\f[]t\f[I]\f[]e\f[I]\f[]c\f[I]\f[]t\f[I]\f[]i\f[I]\f[]f\f[I]*EDITOR\f[]
+is set to VIM and disables the \f[I].viminfo\f[] file.
.RE
.TP
.B encrypt <\f[I]secret\f[]> [\f[I]file\f[]]
@@ -198,7 +198,7 @@ Encrypts content from standard input or \f[I]file\f[] into
\f[I]secret\f[] pathname.
No spaces are supported in the \f[I]secret\f[] name.
If \f[I]file\f[] is actually a folder, keyringer will recursivelly
-encrypt all it\[aq]s contents.
+encrypt all it's contents.
.RS
.RE
.TP
@@ -297,9 +297,9 @@ comments.
List, edit or add \f[I]user\f[] preferences for a given repository.
.RS
.PP
-User preferences are settings which are saved in the user\[aq]s
-keyringer folder (\f[C]$HOME/.keyringer/\f[]), and not shared with the
-other users.
+User preferences are settings which are saved in the user's keyringer
+folder (\f[C]$HOME/.keyringer/\f[]), and not shared with the other
+users.
.PP
Preferences are written using the \f[I]KEY=VALUE\f[] syntax.
All lines starting with the hash (#) character are interpreted as
@@ -328,17 +328,17 @@ Keyringer uses a default recipients file, but specifying a custom
\f[I]recipients\-file\f[] pathname will override this default.
.PP
For instance, if a user encrypts a secret to a file in the keyring
-repository\[aq]s \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[]
+repository's \f[I]accounting\f[] folder, a \f[I]recipients\-file\f[]
under \f[I]accounting\f[] will be used.
Encrypting a secret into \f[I]accounting/bank\-accounts\f[] will result
in a file \f[C]$KEYRING_FOLDER/keys/accounting/bank\-accounts.asc\f[]
encrypted using the public keys listed in the config
file\f[C]$KEYRING_FOLDER/config/recipients/accounting\f[].
.PP
-Each line in a recipients file has entries in the format
-\[aq]john\@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX\[aq], where
-\f[I]john\@doe.com\f[] is an alias for the OpenPGP public key whose
-fingerprint is \f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]
+Each line in a recipients file has entries in the format `john\@doe.com
+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where \f[I]john\@doe.com\f[]
+is an alias for the OpenPGP public key whose fingerprint is
+\f[I]XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.\f[]
.PP
All lines starting with the hash (#) character are interpreted as
comments.
@@ -364,7 +364,7 @@ to the \f[C]$KEYRING_FOLDER/config/recipients/\f[] folder.
.SH FILES
.TP
.B $HOME/.keyringer/config
-User\[aq]s main configuration file used to map alias names to keyrings.
+User's main configuration file used to map alias names to keyrings.
.RS
.RE
.TP
@@ -386,11 +386,13 @@ Metadata is not encrypted, meaning that an attacker with access to a
keyringer repository can discover all public key IDs used for
encryption, and which secrets are encrypted to which keys.
This can be improved in the future by encrypting the repository
-configuration with support for the \f[I]\-\-hidden\-recipient\f[] GnuPG
+configuration with support for the \f[I]\[en]hidden\-recipient\f[] GnuPG
option and encrypted repository options.
+.RS 4
.PP
-To mitigate that, it\[aq]s possible to keep the repo just atop of an
+To mitigate that, it's possible to keep the repo just atop of an
encrypted and non\-public place.
+.RE
.IP "2." 3
History is not rewritten by default when secrets are removed from a
keyringer repository.
@@ -398,14 +400,14 @@ After a secret is removed with the \f[I]del\f[] action, it will still be
available in the repository history even after a commit.
This is by design for the following reasons:
.IP \[bu] 2
-It\[aq]s the default behavior of the Git content tracker.
+It's the default behavior of the Git content tracker.
Forcing the deletion by default could break the expected behavior and
-hence limit the repository\[aq]s backup features, which can be helpful
-if someone mistakenly overwrites a secret.
+hence limit the repository's backup features, which can be helpful if
+someone mistakenly overwrites a secret.
.IP \[bu] 2
History rewriting cannot be considered a security measure against the
-unauthorized access to a secret as it doesn\[aq]t automatically update
-all working copies of the repository.
+unauthorized access to a secret as it doesn't automatically update all
+working copies of the repository.
.RS 2
.PP
In the case that the secret is a passphrase, the recommended measure
@@ -419,13 +421,15 @@ using the \f[I]git\f[] action.
Keyringer does not protect data which were not encrypted to a keyring,
so be careful when decrypting secrets and writing them to the disk or
other storage media.
+.RS 4
.PP
Pay special attention that keyringer outputs data to stdout, which could
be easily spotted by any agent looking directly at you computer screen.
.PP
The xclip action even copies secret data to the X11 clipboard, which can
-be accessed by any application running in the user\[aq]s X11 session, so
-use this feature carefully.
+be accessed by any application running in the user's X11 session, so use
+this feature carefully.
+.RE
.SH SEE ALSO
.PP
The \f[I]README\f[] file distributed with Keyringer contains full