Using aescbc to store factotum keys -Diff-


Mon Feb 18 09:56:13 CET 2013, mycroftiv

secstore(1) is traditionally used to store private keys for factotum(4). When an auth server is not used, such as on a stand-alone terminal, a different solution must be found.

GETTING THE KEYS

The easiest way to get the right options for the keys is to let factotum do it for you. Authenticate to the services you want the keys to be saved for and read factotum's control file.

% cat /mnt/factotum/ctl
key proto=p9sk1 dom=outside.plan9.bell-labs.com user=rsc !password?
% 

SAVING THE KEYS

First, your secrets file must be initialised.

% echo test | auth/aescbc -e > $home/lib/fact.keys
% aescbc key:

Change the permissions on the file so that only you can read it.

% chmod 600 $home/lib/fact.keys

Add the keys to the secrets file.

% ipso -a $home/lib/fact.keys

  Warning: The editor will display the secret contents of
  your aescbc files in the clear.

aescbc password:
aescbc key:

Replace 'test' with the keys, replacing each instance '!password?' to '!password=secret' where 'secret' is the password for the key.

POPULATING FACTOTUM AT STARTUP

Instead of manually running the command to populate factotum, you can have it done in your profile

# Add some keys to factotum
if(test -f $home/lib/fact.keys)
     auth/aescbc -d < $home/lib/fact.keys | read -m > /mnt/factotum/ctl

USING AESCBC AND SECSTORE TOGETHER

One may make use of a secstore server even if one prefers not to store keys in unencrypted form by combining the use of aescbc to encrypt with secstore to retrieve. Here is a script which replaces ipso(1) and stores data only in encrypted form. By default it uses a file named 'p' for storage. -e file edits file, -p file puts file in encrypted form on secstore, and -g retrieves an encrypted file, decrypts, and adds it to factotum. -s server specifies a secstore server. It uses ed for its editor, you may change this to another editor if preferred.

#!/bin/rc
# ipso replacement with encryption of what is stored

rfork e
while(~ $1 -*){
	switch($1){
	case -e
		mode=edit
		shift
	case -g
		mode=get
		shift
	case -p
		mode=put
		shift
	case -s
		server=$2
		shift
		shift
	case *
		echo 'usage [-s server] [-egp] [file]'
		exit usage
	}
}
targ=$1
if(~ $targ '')
	targ=p
if(~ $server '')
	server=$auth

fn getf{
	{
		echo rawon
		echo -n $name password: >/dev/cons
		read > f
		echo > /dev/cons
	}</dev/cons > /dev/consctl
}

fn gettarg{
	auth/secstore -i -g $targ -s $server <f
	auth/aescbc -d -i <$targ >q <[3] f
}

fn puttarg{
	auth/aescbc -e -i <q >$targ <[3] f
	auth/secstore -i -p $targ -s $server <f
}

fn delete{
	cat /lib/namespace >f
	cat /lib/namespace >$targ
	cat /lib/namespace >q
	rm f $targ q
	cd /
}

if(~ $mode put){
	if(! test -e $targ){
		echo $targ does not exist
		exit no.target
	}
	rfork ensf
	if(! test -d /tmp/nada)
		mkdir /tmp/nada
	ramfs -p -m /tmp/nada
	cp $targ /tmp/nada/q
	cd /tmp/nada
	
	getf
	puttarg
	delete

	unmount /tmp/nada
	echo dont forget to remove $targ
	exit ''
}

if(~ $mode edit){
	rfork ensf
	ramfs -p
	cd /tmp

	getf
	gettarg
	ed q
	puttarg
	delete

	unmount /tmp
	exit ''
}

if(~ $mode get){	
	rfork ensf
	if(! test -d /tmp/nada)
		mkdir /tmp/nada
	ramfs -p -m /tmp/nada
	cd /tmp/nada

	getf
	gettarg
	read -m q > /mnt/factotum/ctl
	delete

	unmount /tmp/nada
	exit ''
}