| -rw-r--r-- | ChangeLog | 2 |
| -rwxr-xr-x | keyringer | 2 |
| -rw-r--r-- | share/man/keyringer.1 | 99 |
3 files changed, 43 insertions, 60 deletions
@@ -1,4 +1,4 @@ -2025-10-25 - unreleased - Silvio Rhatto <rhatto@riseup.net> +2026-02-21 - 0.7.0 - Silvio Rhatto <rhatto@riseup.net> Makefile: uninstall targets (thanks Spenser Truex <truex@equwal.com>). @@ -142,7 +142,7 @@ function keyringer_dispatch { # Config NAME="keyringer" -KEYRINGER_VERSION="0.6.0" +KEYRINGER_VERSION="0.7.0" CONFIG_VERSION="0.1" CONFIG_BASE="$HOME/.$NAME" CONFIG="$CONFIG_BASE/config" diff --git a/share/man/keyringer.1 b/share/man/keyringer.1 index 6435ac9..9b8e8ad 100644 --- a/share/man/keyringer.1 +++ b/share/man/keyringer.1 @@ -1,35 +1,17 @@ -.\" Automatically generated by Pandoc 2.17.1.1 +.\" Automatically generated by Pandoc 3.1.11.1 .\" -.\" Define V font for inline verbatim, using C font in formats -.\" that render this, and otherwise B font. -.ie "\f[CB]x\f[]"x" \{\ -. ftr V B -. ftr VI BI -. ftr VB B -. ftr VBI BI -.\} -.el \{\ -. ftr V CR -. ftr VI CI -. ftr VB CB -. ftr VBI CBI -.\} .TH "KEYRINGER" "1" "Oct 25, 2013" "Keyringer User Manual" "" -.hy .SH NAME -.PP -keyringer - encrypted and distributed secret sharing software +keyringer \- encrypted and distributed secret sharing software .SH SYNOPSIS -.PP keyringer <\f[I]keyring\f[R]> <\f[I]action\f[R]> [\f[I]options\f[R]]\&... .SH DESCRIPTION -.PP Keyringer lets you manage and share secrets using GnuPG and Git in a distributed fashion. .PP -It has custom commands to create key-pairs and to encrypt, decrypt and -re-encrypt secrets. +It has custom commands to create key\-pairs and to encrypt, decrypt and +re\-encrypt secrets. It also supports encryption to multiple recipients and groups of recipients, to allow a workgroup to share access to a single repository while restricting some secrets to subsets of the group. 
@@ -37,7 +19,6 @@ while restricting some secrets to subsets of the group. Secrets are encrypted using OpenPGP and added to a Git tree so that they can be synced with remote branches later. .SH ACTIONS -.PP Keyringer has three types of actions: .IP "1." 3 Repository lookup and manipulation actions, which handle repository @@ -62,7 +43,7 @@ After initialization, \f[I]path\f[R] will contain a folder structure for storing secrets and metadata (user aka recipients, groups of recipients, etc). .PP -Also, an entry will be added to \f[V]$HOME/.keyringer/config\f[R] +Also, an entry will be added to \f[CR]$HOME/.keyringer/config\f[R] allowing keyringer to find the keyring by its alias. .RE .TP @@ -91,12 +72,12 @@ Remove an empty folder inside the repository \f[I]keys\f[R] folder. .TP tree <\f[I]path\f[R]> List contents from the toplevel repository \f[I]keys\f[R] folder or from -relative paths if \f[I]path\f[R] is specified using a tree-like format. +relative paths if \f[I]path\f[R] is specified using a tree\-like format. Like the ls wrapper, this is a wrapper around the \f[I]TREE(1)\f[R] command. .TP shell -Run keyringer on interactive mode from a built-in command-line prompt +Run keyringer on interactive mode from a built\-in command\-line prompt where all other actions can be called and are operated from the current selected keyring. .RS @@ -115,13 +96,12 @@ have just a single copy. check Run maintenance checks in a keyring. .SH SECRET MANIPULATION ACTIONS -.PP All secret manipulation actions operate upon a \f[I]secret\f[R] which is the pathname of an encrypted file relative to the keyring with optional -\f[V].asc\f[R] extension. +\f[CR].asc\f[R] extension. .PP -If the \f[V].asc\f[R] extension is omitted, keyringer will add it at the -end of the pathname. +If the \f[CR].asc\f[R] extension is omitted, keyringer will add it at +the end of the pathname. .PP No spaces are allowed in the secret name. .PP 
@@ -134,7 +114,7 @@ append <\f[I]secret\f[R]> Append contents into a secret by decrypting the secret, appending lines read from the standard input and encrypting again. .TP -append-batch <\f[I]secret\f[R]> +append\-batch <\f[I]secret\f[R]> Append contents into a secret, batch mode. .TP decrypt <\f[I]secret\f[R]> 
@@ -166,11 +146,11 @@ Rename a secret. edit <\f[I]secret\f[R]> Edit a secret by temporarily decrypting it, opening the decrypted copy into the text editor defined by the \f[I]$EDITOR\f[R] environment -variable and then re-encrypting it. +variable and then re\-encrypting it. .RS .PP Please make sure to use an -\f[I]\f[R]E\f[I]\f[R]D\f[I]\f[R]I\f[I]\f[R]T\f[I]\f[R]O\f[I]\f[R]R\f[I]\[u2005]*\[u2005]\f[R]w\f[I]\f[R]h\f[I]\f[R]i\f[I]\f[R]c\f[I]\f[R]h\f[I]\f[R]d\f[I]\f[R]o\f[I]\f[R]e\f[I]\f[R]s\f[I]\f[R]n\f[I]\f[R]o\f[I]\f[R]t\f[I]\f[R]l\f[I]\f[R]e\f[I]\f[R]a\f[I]\f[R]k\f[I]\f[R]d\f[I]\f[R]a\f[I]\f[R]t\f[I]\f[R]a\f[I]\f[R]l\f[I]\f[R]i\f[I]\f[R]k\f[I]\f[R]e\f[I]\f[R]h\f[I]\f[R]i\f[I]\f[R]s\f[I]\f[R]t\f[I]\f[R]o\f[I]\f[R]r\f[I]\f[R]y\f[I]\f[R]b\f[I]\f[R]u\f[I]\f[R]f\f[I]\f[R]f\f[I]\f[R]e\f[I]\f[R]r\f[I]\f[R]s\f[I].\f[R]K\f[I]\f[R]e\f[I]\f[R]y\f[I]\f[R]r\f[I]\f[R]i\f[I]\f[R]n\f[I]\f[R]g\f[I]\f[R]e\f[I]\f[R]r\f[I]\f[R]t\f[I]\f[R]r\f[I]\f[R]i\f[I]\f[R]e\f[I]\f[R]s\f[I]\f[R]t\f[I]\f[R]o\f[I]\f[R]d\f[I]\f[R]e\f[I]\f[R]t\f[I]\f[R]e\f[I]\f[R]c\f[I]\f[R]t\f[I]\f[R]i\f[I]\f[R]f\f[I]*EDITOR\f[R] +\f[I]\f[R]E\f[I]\f[R]D\f[I]\f[R]I\f[I]\f[R]T\f[I]\f[R]O\f[I]\f[R]R\f[I] * \f[R]w\f[I]\f[R]h\f[I]\f[R]i\f[I]\f[R]c\f[I]\f[R]h\f[I]\f[R]d\f[I]\f[R]o\f[I]\f[R]e\f[I]\f[R]s\f[I]\f[R]n\f[I]\f[R]o\f[I]\f[R]t\f[I]\f[R]l\f[I]\f[R]e\f[I]\f[R]a\f[I]\f[R]k\f[I]\f[R]d\f[I]\f[R]a\f[I]\f[R]t\f[I]\f[R]a\f[I]\f[R]l\f[I]\f[R]i\f[I]\f[R]k\f[I]\f[R]e\f[I]\f[R]h\f[I]\f[R]i\f[I]\f[R]s\f[I]\f[R]t\f[I]\f[R]o\f[I]\f[R]r\f[I]\f[R]y\f[I]\f[R]b\f[I]\f[R]u\f[I]\f[R]f\f[I]\f[R]f\f[I]\f[R]e\f[I]\f[R]r\f[I]\f[R]s\f[I].\f[R]K\f[I]\f[R]e\f[I]\f[R]y\f[I]\f[R]r\f[I]\f[R]i\f[I]\f[R]n\f[I]\f[R]g\f[I]\f[R]e\f[I]\f[R]r\f[I]\f[R]t\f[I]\f[R]r\f[I]\f[R]i\f[I]\f[R]e\f[I]\f[R]s\f[I]\f[R]t\f[I]\f[R]o\f[I]\f[R]d\f[I]\f[R]e\f[I]\f[R]t\f[I]\f[R]e\f[I]\f[R]c\f[I]\f[R]t\f[I]\f[R]i\f[I]\f[R]f\f[I]*EDITOR\f[R] is set to VIM and disables the \f[I].viminfo\f[R] file. .RE .TP 
@@ -181,20 +161,20 @@ No spaces are supported in the \f[I]secret\f[R] name. If \f[I]file\f[R] is actually a folder, keyringer will recursivelly encrypt all it\[cq]s contents. .TP -encrypt-batch <\f[I]secret\f[R]> [\f[I]file\f[R]] +encrypt\-batch <\f[I]secret\f[R]> [\f[I]file\f[R]] Encrypt content, batch mode. Behavior is identical to \f[I]encrypt\f[R] action, but less verbose. Useful inside scripts. .TP -genkeys <\f[I]ssh\f[R]|\f[I]gpg\f[R]|\f[I]x509\f[R]|\f[I]x509-self\f[R]|\f[I]ssl\f[R]|\f[I]ssl-self\f[R]> [\f[I]options\f[R]] -Wrapper to generate encryption key-pairs, useful for automated key +genkeys <\f[I]ssh\f[R]|\f[I]gpg\f[R]|\f[I]x509\f[R]|\f[I]x509\-self\f[R]|\f[I]ssl\f[R]|\f[I]ssl\-self\f[R]> [\f[I]options\f[R]] +Wrapper to generate encryption key\-pairs, useful for automated key deployment. .TP -genpair <\f[I]ssh\f[R]|\f[I]gpg\f[R]|\f[I]x509\f[R]|\f[I]x509-self\f[R]|\f[I]ssl\f[R]|\f[I]ssl-self\f[R]> [\f[I]options\f[R]] +genpair <\f[I]ssh\f[R]|\f[I]gpg\f[R]|\f[I]x509\f[R]|\f[I]x509\-self\f[R]|\f[I]ssl\f[R]|\f[I]ssl\-self\f[R]> [\f[I]options\f[R]] Alias for \f[I]genkeys\f[R] action. .TP open <\f[I]secret\f[R]> -Decrypt a secret into a temporary folder and open it using xdg-open, +Decrypt a secret into a temporary folder and open it using xdg\-open, which tries to figure out the file type and then calls the associated application. .RS @@ -218,17 +198,17 @@ secrets. .RE .TP recrypt <\f[I]secret\f[R]> -Re-encrypts a secret by decrypting it and encrypting it again. +Re\-encrypts a secret by decrypting it and encrypting it again. Useful when users are added into the recipient configuration. .RS .PP If no \f[I]secret\f[R] is given, all secrets in the repository are -re-encrypted. +re\-encrypted. .RE .TP clip [\f[I]query\f[R]] Copy the first line of a secret to the clipboard, following -password-store convention. +password\-store convention. .RS .PP If the query does not exactly match an existing secret, a interactive 
@@ -281,7 +261,7 @@ List, edit or add \f[I]user\f[R] preferences for a given repository. .RS .PP User preferences are settings which are saved in the user\[cq]s -keyringer folder (\f[V]$HOME/.keyringer/\f[R]), and not shared with the +keyringer folder (\f[CR]$HOME/.keyringer/\f[R]), and not shared with the other users. .PP Preferences are written using the \f[I]KEY=VALUE\f[R] syntax. @@ -295,7 +275,7 @@ Show keyringer usage information. help Alias for usage action. .TP -recipients <\f[I]ls\f[R]|\f[I]edit\f[R]> <\f[I]recipients-file\f[R]> +recipients <\f[I]ls\f[R]|\f[I]edit\f[R]> <\f[I]recipients\-file\f[R]> List, create or edit recipients configuration. .RS .PP @@ -304,15 +284,15 @@ used by keyringer when encrypting secrets and associated with email aliases. .PP Keyringer uses a default recipients file, but specifying a custom -\f[I]recipients-file\f[R] pathname will override this default. +\f[I]recipients\-file\f[R] pathname will override this default. .PP For instance, if a user encrypts a secret to a file in the keyring repository\[cq]s \f[I]accounting\f[R] folder, a -\f[I]recipients-file\f[R] under \f[I]accounting\f[R] will be used. -Encrypting a secret into \f[I]accounting/bank-accounts\f[R] will result -in a file \f[V]$KEYRING_FOLDER/keys/accounting/bank-accounts.asc\f[R] +\f[I]recipients\-file\f[R] under \f[I]accounting\f[R] will be used. +Encrypting a secret into \f[I]accounting/bank\-accounts\f[R] will result +in a file \f[CR]$KEYRING_FOLDER/keys/accounting/bank\-accounts.asc\f[R] encrypted using the public keys listed in the config -file\f[V]$KEYRING_FOLDER/config/recipients/accounting\f[R]. +file\f[CR]$KEYRING_FOLDER/config/recipients/accounting\f[R]. .PP Each line in a recipients file has entries in the format `john\[at]doe.com XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', where 
@@ -331,11 +311,11 @@ List all existing recipients files. Create or edit a recipients file. .RS .PP -Editing happens using the editor specified by the \f[V]$EDITOR\f[R] +Editing happens using the editor specified by the \f[CR]$EDITOR\f[R] environment variable. .PP -The required parameter \f[I]recipients-file\f[R] is interpreted relative -to the \f[V]$KEYRING_FOLDER/config/recipients/\f[R] folder. +The required parameter \f[I]recipients\-file\f[R] is interpreted +relative to the \f[CR]$KEYRING_FOLDER/config/recipients/\f[R] folder. .RE .RE .SH FILES @@ -350,19 +330,18 @@ $KEYRING_FOLDER/config/options Custom keyring options which will be applied for all users that use the keyringer repository. .SH LIMITATIONS -.PP Keyringer currently has the following limitations: .IP "1." 3 Metadata is not encrypted, meaning that an attacker with access to a keyringer repository can discover all public key IDs used for encryption, and which secrets are encrypted to which keys. This can be improved in the future by encrypting the repository -configuration with support for the \f[I]\[en]hidden-recipient\f[R] GnuPG -option and encrypted repository options. +configuration with support for the \f[I]\[en]hidden\-recipient\f[R] +GnuPG option and encrypted repository options. .RS 4 .PP To mitigate that, it\[cq]s possible to keep the repo just atop of an -encrypted and non-public place. +encrypted and non\-public place. .RE .IP "2." 3 History is not rewritten by default when secrets are removed from a @@ -402,11 +381,15 @@ be accessed by any application running in the user\[cq]s X11 session, so use this feature carefully. .RE .SH SEE ALSO -.PP The \f[I]README\f[R] file distributed with Keyringer contains full documentation. .PP The Keyringer source code and all documentation may be downloaded from -<https://keyringer.pw>. +\c +.UR https://keyringer.pw +.UE \c +\&. .SH AUTHORS -Silvio Rhatto <rhatto@riseup.net>. +Silvio Rhatto \c +.MT rhatto@riseup.net +.ME \c. |
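Review bot: the `.TH` line in the first share/man/keyringer.1 hunk (`@@ -1,35 +1,17 @@`) is still unchanged context reading `"Oct 25, 2013"`, although this commit sets `KEYRINGER_VERSION="0.7.0"` and dates the ChangeLog entry 2026-02-21. Since the page is being regenerated for the release anyway, update the date in the man page source so that readers can tell which release the documentation describes.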
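Review bot: the `$EDITOR` warning under `edit` (share/man/keyringer.1, hunk `@@ -166,11 +146,11 @@`) is still emitted one letter at a time between `\f[I]\f[R]` toggles, and the regeneration only replaced `\[u2005]` with plain spaces. This is the paragraph that tells users their editor can leak decrypted data through history buffers and `.viminfo`, and in this form the words run together with no spaces between them. The pattern suggests that the text between the two `$EDITOR` occurrences in the Markdown source is being parsed as inline math; escaping the dollar signs or marking the variable as inline code in the source, then regenerating, should give a readable sentence.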
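Review bot: in the LIMITATIONS hunk (share/man/keyringer.1, `@@ -350,19 +330,18 @@`) the GnuPG option comes out as `\f[I]\[en]hidden\-recipient\f[R]`, that is, an en dash followed by `hidden-recipient` rather than the literal `--hidden-recipient`. A reader who copies it from the rendered page gets a string GnuPG will not accept. Mark the option as inline code in the source so the two hyphens are not converted to an en dash, as is already done for the `$KEYRING_FOLDER/...` paths that now render with `\f[CR]`.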
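Review bot: the two link trailers in the last hunk (share/man/keyringer.1, `@@ -402,11 +381,15 @@`) are not closed the same way: SEE ALSO ends with `.UE \c` followed by `\&.` on its own line, while AUTHORS ends with `.ME \c.` on a single line. Please check the rendered AUTHORS line with `man ./share/man/keyringer.1` to confirm the address and the final period come out as intended, and adjust the source if they do not.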
