1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
|
# Keyringer translation source
# Copyright (C) 2013 Keyringer Developers
# This file is distributed under the same license as the keyringer package.
# Silvio Rhatto <rhatto@riseup.net>, 2013.
#
msgid ""
msgstr ""
"Project-Id-Version: Keyringer\n"
"POT-Creation-Date: 2013-11-10 23:20-0100\n"
"PO-Revision-Date: 2013-11-10 23:20-0100\n"
"Last-Translator: Keyringer Developers <contact@keyringer.pw>\n"
"Language-Team: Keyringer Developers <contact@keyringer.pw>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#. type: Plain text
#: keyringer.1.mdwn:4
msgid ""
"% KEYRINGER(1) Keyringer User Manual % Silvio Rhatto <rhatto@riseup.net> % "
"Oct 25, 2013"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:6
msgid "# NAME"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:8
msgid "keyringer - encrypted and distributed secret sharing software"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:10
msgid "# SYNOPSIS"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:12
msgid "keyringer <*keyring*> <*action*> [*options*]..."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:14
msgid "# DESCRIPTION"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:17
msgid ""
"Keyringer lets you manage and share secrets using GnuPG and Git in a "
"distributed fashion."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:22
msgid ""
"It has custom commands to create key-pairs and to encrypt, decrypt and "
"re-encrypt secrets. It also supports encryption to multiple recipients and "
"groups of recipients, to allow a workgroup to share access to a single "
"repository while restricting some secrets to subsets of the group."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:25
msgid ""
"Secrets are encrypted using GPG and added to a Git tree so that they can be "
"synced with remote branches later."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:27
msgid "# ACTIONS"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:29
msgid "Keyringer has three types of actions:"
msgstr ""
#. type: Bullet: '1. '
#: keyringer.1.mdwn:32
msgid ""
"Repository lookup and manipulation actions, which handle repository "
"initialization, content tracking and navigation."
msgstr ""
#. type: Bullet: '2. '
#: keyringer.1.mdwn:35
msgid ""
"Secret manipulation actions, which take care of encrypting, decrypting and "
"other read/write operations on secrets."
msgstr ""
#. type: Bullet: '3. '
#: keyringer.1.mdwn:37
msgid "Configuration actions, handling repository metadata."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:39
msgid "# REPOSITORY LOOKUP AND MANIPULATION ACTIONS"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:43
#, no-wrap
msgid ""
"init <*path*> [*remote*]\n"
": Initialize a new keyringer repository. If a *remote* URL is specified, "
"keyringer will\n"
" clone an existing repository.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:46
#, no-wrap
msgid ""
" After initialization, *path* will contain a folder structure for storing "
"secrets\n"
" and metadata (user aka recipients, groups of recipients, etc).\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:49
#, no-wrap
msgid ""
" Also, an entry will be added to `$HOME/.keyringer/config` allowing "
"keyringer to\n"
" find the keyring by its alias.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:53
#, no-wrap
msgid ""
"git <*action*> <*options*>\n"
": Git wrapper that operates from the toplevel keyring repository. You can "
"issue any\n"
" *GIT(1)* subcommand with this action to have it applied in the keyring "
"repository.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:58
#, no-wrap
msgid ""
"ls <*path*>\n"
": List contents from the toplevel repository *keys* folder or from "
"relative paths\n"
" if *path* is specified. Like the git wrapper, this is a wrapper around "
"the *LS(1)*\n"
" command.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:60
msgid "# SECRET MANIPULATION ACTIONS"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:63
msgid ""
"All secret manipulation actions operate upon a *secret* which is the "
"pathname of an encrypted file relative to the keyring with optional `.asc` "
"extension."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:66
msgid ""
"If the `.asc` extension is omitted, keyringer will add it at the end of the "
"pathname."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:68
msgid "No spaces are allowed in the secret name."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:72
msgid ""
"Secret manipulation actions do not commit changes into the secret "
"repository. Instead, the user has to manually commit the changes using the "
"git wrapper action."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:76
#, no-wrap
msgid ""
"append <*secret*>\n"
": Append contents into a secret by decrypting the secret, appending lines "
"read\n"
" from the standard input and encrypting again.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:79
#, no-wrap
msgid ""
"append-batch <*secret*>\n"
": Append contents into a secret, batch mode.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:82
#, no-wrap
msgid ""
"decrypt <*secret*>\n"
": Decrypts a secret into standard output.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:86
#, no-wrap
msgid ""
"del <*secret*>\n"
": Removes a secret using Git. After deleting a secret a git commit and "
"push is still\n"
" needed to update remote repositories.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:90
#, no-wrap
msgid ""
" Please note that this command **does not remove the secret from the Git "
"history.**\n"
" To completely remove a file from a keyring, you should also rewrite the "
"Git\n"
" history yourself.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:94
#, no-wrap
msgid ""
"edit <*secret*>\n"
": Edit a secret by temporarily decrypting it, opening the decrypted copy "
"into the \n"
" text editor defined by the *$EDITOR* environment variable and then "
"re-encrypting it.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:98
#, no-wrap
msgid ""
"encrypt <*secret*> [*file*]\n"
": Encrypts content from standard input or *file* into *secret* "
"pathname. No spaces\n"
" are supported in the *secret* name.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:101
#, no-wrap
msgid ""
"encrypt-batch <*secret*>\n"
": Encrypt content, batch mode.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:104
#, no-wrap
msgid ""
"genpair <*ssh*|*gpg*|*ssl*|*ssl-self*> [*options*]\n"
": Wrapper to generate encryption key-pairs, useful for automated key "
"deployment.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:108
#, no-wrap
msgid ""
"open <*secret*>\n"
": Decrypt a secret into a temporary folder and open it using xdg-open, "
"which\n"
" tries to figure out the file type and then calls the associated "
"application.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:111
#, no-wrap
msgid ""
" After the application exits, keyringer encrypts the temporary decrypted "
"file\n"
" again into the secret file and deletes the temporary file.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:116
#, no-wrap
msgid ""
"recrypt <*secret*>\n"
": Re-encrypts a secret by decrypting it and encrypting it again. Useful "
"when users are added\n"
" into the recipient configuration. If no *secret* is given, all secrets "
"in the repository\n"
" are re-encrypted.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:118
msgid "# CONFIGURATION ACTIONS"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:121
#, no-wrap
msgid ""
"commands\n"
": List available actions, useful for shell completion and syntax check.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:124
#, no-wrap
msgid ""
"options <*ls*|*edit*|*add*>\n"
": List, edit or add miscellaneous *repository* options.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:128
#, no-wrap
msgid ""
" Repository options are settings which are saved in the repository as a "
"*global*\n"
" configuration stanza for a given keyring, shared by all users with "
"access to\n"
" the repository.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:131
#, no-wrap
msgid ""
" Options are written using the *KEY=VALUE* syntax. All lines starting "
"with the\n"
" hash (#) character are interpreted as comments.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:134
#, no-wrap
msgid ""
"preferences <*ls*|*edit*|*add*>\n"
": List, edit or add *user* preferences for a given repository.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:137
#, no-wrap
msgid ""
" User preferences are settings which are saved in the user's keyringer "
"folder\n"
" (`$HOME/.keyringer/`), and not shared with the other users.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:140
#, no-wrap
msgid ""
" Preferences are written using the *KEY=VALUE* syntax. All lines starting "
"with the\n"
" hash (#) character are interpreted as comments.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:143
#, no-wrap
msgid ""
"usage\n"
": Show keyringer usage information.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:146
#, no-wrap
msgid ""
"recipients <*ls*|*edit*> <*recipients-file*>\n"
": List, create or edit recipients configuration.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:149
#, no-wrap
msgid ""
" Recipients files are lists of OpenPGP public key fingerprints which are "
"used\n"
" by keyringer when encrypting secrets and associated with email "
"aliases.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:152
#, no-wrap
msgid ""
" Keyringer uses a default recipients file, but specifying a custom "
"*recipients-file*\n"
" pathname will override this default.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:158
#, no-wrap
msgid ""
" For instance, if a user encrypts a secret to a file in the keyring "
"repository's\n"
" *accounting* folder, a *recipients-file* under *accounting* will be "
"used.\n"
" Encrypting a secret into *accounting/bank-accounts* will result in a "
"file\n"
" `$KEYRING_FOLDER/keys/accounting/bank-accounts.asc` encrypted using the "
"public\n"
" keys listed in the config "
"file`$KEYRING_FOLDER/config/recipients/accounting`.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:163
#, no-wrap
msgid ""
" Each line in a recipients file has entries in the format\n"
" 'john@doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where "
"*john@doe.com*\n"
" is an alias for the GPG public key whose fingerprint is\n"
" *XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.*\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:165
#, no-wrap
msgid ""
" All lines starting with the hash (#) character are interpreted as "
"comments.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:167
#, no-wrap
msgid " Parameters to the *recipients* action are:\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:170
#, no-wrap
msgid ""
" *ls*\n"
" : List all existing recipients files.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:173
#, no-wrap
msgid ""
" *edit*\n"
" : Create or edit a recipients file.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:176
#, no-wrap
msgid ""
" Editing happens using the editor specified by the `$EDITOR`\n"
" environment variable.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:179
#, no-wrap
msgid ""
" The required parameter *recipients-file* is interpreted relative\n"
" to the `$KEYRING_FOLDER/config/recipients/` folder.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:181
msgid "# FILES"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:184
msgid ""
"$HOME/.keyringer/config : User's main configuration file used to map alias "
"names to keyrings."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:187
msgid ""
"$HOME/.keyringer/*keyring* : User preferences for the keyringer aliased "
"*keyring* keyring."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:191
#, no-wrap
msgid ""
"$KEYRING_FOLDER/config/options\n"
": Custom keyring options which will be applied for all users that use\n"
" the keyringer repository.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:193
msgid "# LIMITATIONS"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:195
msgid "Keyringer currently has the following limitations:"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:201
#, no-wrap
msgid ""
"1. Metadata is not encrypted, meaning that an attacker with access to a "
"keyringer\n"
" repository can discover all public key IDs used for encryption, and which "
"secrets\n"
" are encrypted to which keys. This can be improved in the future by "
"encrypting\n"
" the repository configuration with support for the *--hidden-recipient* "
"GnuPG\n"
" option.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:206
#, no-wrap
msgid ""
"2. History is not rewritten by default when secrets are removed from a "
"keyringer\n"
" repository. After a secret is removed with the *del* action, it will still "
"be\n"
" available in the repository history even after a commit. This is by "
"design\n"
" for the following reasons:\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:211
#, no-wrap
msgid ""
" - It's the default behavior of the Git content tracker. Forcing the\n"
" deletion by default could break the expected behavior and hence limit\n"
" the repository's backup features, which can be helpful if someone\n"
" mistakenly overwrites a secret.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:215
#, no-wrap
msgid ""
" - History rewriting cannot be considered a security measure against the\n"
" unauthorized access to a secret as it doesn't automatically update "
"all\n"
" working copies of the repository.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:219
#, no-wrap
msgid ""
" In the case that the secret is a passphrase, the recommended measure\n"
" against such attacks is to change the passphrase, making useless the\n"
" knowledge of the previous secret.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:222
#, no-wrap
msgid ""
" Users wishing to edit their repository history should proceed "
"manually\n"
" using the *git* action.\n"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:224
msgid "# SEE ALSO"
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:226
msgid "The *README* file distributed with Keyringer contains full documentation."
msgstr ""
#. type: Plain text
#: keyringer.1.mdwn:228
msgid ""
"The Keyringer source code and all documentation may be downloaded from "
"<https://keyringer.pw>."
msgstr ""
|