Diffstat (limited to 'cli')
 cli/icevault.1 | 89
 1 files changed, 52 insertions, 37 deletions
diff --git a/cli/icevault.1 b/cli/icevault.1 index 46e80e5..b8c089b 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -8,6 +8,7 @@ IceVault \- IceVault client user interface .SH DESCRIPTION +.PP .B icevault\fR is an external password/login manager for Firefox. Its threat model is arguably more secure than the builtin manager's, as the browser is not granted direct access to the list of known HTML forms nor @@ -19,18 +20,18 @@ via a UNIX socket, which the browser creates upon startup; usual UNIX permissions can (and should) be used to restrict access to the socket. Further isolation can be achieved by using different UIDs for the browser and the \fBicevault\fR client. - +.PP Each form is stored in a separate file, encrypted separately with \fIgpg\fR(1); cleartext are never stored on disk. Form history can be kept track of by versioning the encrypted files to a Git repository as binary blobs. (Modification of the stored forms are then automatically committed to said repository.) File paths are of the form -".../\fIscheme\fR/\fIhostname\fR/\fIidentity\fR" where \fIidentity\fR is -an arbitrary user-chosen value (allowing multiple identities for a given -site); since the URI of the active tab can be retrieved from the socket -and since the URI of a stored form can be recovered from its file path, -phishing attacks are easily detected. - +\(lq.../\fIscheme\fR/\fIhostname\fR/\fIidentity\fR\(rq where +\fIidentity\fR is an arbitrary user-chosen value (allowing multiple +identities for a given site); since the URI of the active tab can be +retrieved from the socket and since the URI of a stored form can be +recovered from its file path, phishing attacks are easily detected. +.PP Like Firefox's builtin password manager, IceVault has some heuristics to detect signup and password changing pages. In these cases, and if the password fields are left blank, the (new) password is randomly chosen 
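Review bot: the `.PP` inserted directly after `.SH DESCRIPTION` in the first hunk is redundant, since `.SH` already starts a new paragraph; it is harmless with the groff man macros but can simply be dropped. Replacing the bare blank lines with `.PP` further down in the same hunk is the right fix, as blank input lines are not portable across man renderers, and the switch to `\(lq`/`\(rq` around the `.../\fIscheme\fR/\fIhostname\fR/\fIidentity\fR` path keeps the straight quotes out of what the reader might otherwise take to be part of the path.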
@@ -90,25 +91,39 @@ using the configuration value for \fIstore\fR and that for \fIgit-dir\fR as the Git working tree and Git repository, respectively. \fIstore\fR is automatically created if it is not an existing directory. +.RS It is recommended to initialize the repository as follows: - \fBicevault git\fR init - echo '*.gpg diff=gpg' >"${XDG_DATA_HOME:-$HOME/.local/share}/icevault/.gitattributes" - \fBicevault git\fR add .gitattributes - \fBicevault git\fR commit \-m 'Add Git attributes for .gpg binary files.' - \fBicevault git\fR config diff.gpg.binary true - \fBicevault git\fR config diff.gpg.textconv 'gpg \-o \- \-\-decrypt' +.nf +.RS +\fBicevault git\fR init +echo '*.gpg diff=gpg' >"${XDG_DATA_HOME:-$HOME/.local/share}/icevault/.gitattributes" +\fBicevault git\fR add .gitattributes +\fBicevault git\fR commit \-m 'Add Git attributes for .gpg binary files.' +\fBicevault git\fR config diff.gpg.binary true +\fBicevault git\fR config diff.gpg.textconv 'gpg \-o \- \-\-decrypt' +.RE +.fi The textconv config option enable on-the-fly decryption prior to Git operations such as \fIdiff\fR or \fIgrep\fR, see \fIgitattributes\fR(5). For instance, grep'ing through the cleartext becomes trivial: - \fBicevault git\fR grep \-\-textconv \fIpattern\fR +.nf +.RS +\fBicevault git\fR grep \-\-textconv \fIpattern\fR +.RE +.fi Signing each commit can be achieved as follows, see \fIgit-config\fR(1): - \fBicevault git\fR config commit.gpgsign true - \fBicevault git\fR config user.signingkey 0x39278DA8109E6244 +.nf +.RS +\fBicevault git\fR config commit.gpgsign true +\fBicevault git\fR config user.signingkey 0x39278DA8109E6244 +.RE +.fi +.RE .TP .B import\fR [\fB-f\fR, \fB--force\fR] [\fB-s\fR, \fB--socket=\fR\fIPATH\fR] [\fIidentity\fR] 
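Review bot: the `echo '*.gpg diff=gpg' >"${XDG_DATA_HOME:-$HOME/.local/share}/icevault/.gitattributes"` line in this hunk hardcodes the default `store` location, while the option text just above says `store` can point elsewhere; either say the snippet assumes the default, or write it via `icevault git` so it lands in whatever working tree is configured. The same line is also too long for an 80-column terminal now that it sits in a `.nf` block (no-fill means the renderer will not wrap it), so break it with a trailing backslash. In the signing example, `user.signingkey 0x39278DA8109E6244` reads like a real key ID rather than a documentation placeholder; `\fIKEYID\fR` would be clearer. Since the DESCRIPTION promises that cleartext is never stored on disk, this section is also the place to warn readers not to enable `diff.gpg.cachetextconv`, because Git would then cache the decrypted textconv output in notes under `refs/notes/textconv/gpg`, i.e. in cleartext inside the repository. Finally, "The textconv config option enable" in the context line should read "enables".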
@@ -178,21 +193,21 @@ Options given on the command line override those found in the configuration file. The syntax of the configuration file is a serie of \fIOPTION\fR=\fIVALUE\fR lines; -everything after a "#" is considered a comment and ignored. -Valid options are: +everything after a \(lq#\(rq character is considered a comment and +ignored. Valid options are: .TP .I git-dir Path to the Git directory. Can be an absolute path or a path relative to the working directory (specified with the \fIstore\fR configuration option). -(Default: ".git") +(Default: \(lq.git\(rq) .TP .I gpg The \fIgpg\fR(1) command to use. Users of GnuPG 1.4.x will probably want to add the \fB--use-agent\fR and possibly \fB--batch\fR options. -(Default: "gpg".) +(Default: \(lqgpg\(rq.) .TP .I keyid 
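Review bot: the trailing period inside the parentheses is inconsistent within this hunk: `(Default: \(lq.git\(rq)` has none, while `(Default: \(lqgpg\(rq.)` and every default in the following hunk end with one; pick one form for all options. While the paragraph is being rewrapped anyway, "is a serie of \fIOPTION\fR=\fIVALUE\fR lines" in the adjacent context line should become "series".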
@@ -203,43 +218,43 @@ fingerprint. .TP .I max-password-length -The maximum length for new passwords. (Default: "32".) +The maximum length for new passwords. (Default: \(lq32\(rq.) .TP .I pwgen -The command to use to generate new random passwords. May contain "%d", -which expands to the password's "maxLength" attribute (capped with the -\fImax-password-length\fR option). The command is expected to output to -the standard output, and may add a newline character afterwards, which -is not considered part of the password. -(Default: "pwgen \-s \-cyn %d".) +The command to use to generate new random passwords. May contain +\(lq%d\(rq, which expands to the password's \(lqmaxLength\(rq attribute +(capped with the \fImax-password-length\fR option). The command is +expected to output to the standard output, and may add a newline +character afterwards, which is not considered as part of the password. +(Default: \(lqpwgen \-s \-cyn %d\(rq.) .TP .I socket The path of the UNIX socket used to communicate with the browser. Can be an absolute path or a path relative to the default Firefox profile (or first profile found if there is no default profile) in the -"~/.mozilla/firefox" directory. +\(lq~/.mozilla/firefox\(rq directory. The socket path and permissions can be configured on the -Iceweasel/Firefox side with the "extensions.icevault.socketPath" and -"extensions.icevault.socketPerms" preferences in "about:config", -respectively. -(Default: "S.IceVault".) +Iceweasel/Firefox side with the \(lqextensions.icevault.socketPath\(rq +and \(lqextensions.icevault.socketPerms\(rq preferences in +\(lqabout:config\(rq, respectively. +(Default: \(lqS.IceVault\(rq.) .TP .I store The working directory. Can be an absolute path or a path relative to the XDG_DATA_HOME environment variable (or \fI~/.local/share\fR if XDG_DATA_HOME is unset). -(Default: "icevault".) +(Default: \(lqicevault\(rq.) 
.TP .I template The template mapping \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URIs -to (encrypted) files on disk. Must contain "%s", "%h", and "%i", which -respectively expand to the \fIscheme\fR, \fIhostname\fR and -\fIidentity\fR parts of the URI. -(Default: "%s/%h/%i.gpg".) +to (encrypted) files on disk. Must contain \(lq%s\(rq, \(lq%h\(rq, and +\(lq%i\(rq, which respectively expand to the \fIscheme\fR, +\fIhostname\fR and \fIidentity\fR parts of the URI. +(Default: \(lq%s/%h/%i.gpg\(rq.) .SH HTML FORM SELECTION The HTML form selection for the \fBimport\fR and \fBfill\fR commands is |
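Review bot: the rewrap of the `pwgen` paragraph introduces a regression in wording: "which is not considered as part of the password" should stay "which is not considered part of the password", as in the removed line. In the `socket` paragraph, the DESCRIPTION tells users that UNIX permissions "should" be used to restrict access to the socket, but the default value of `extensions.icevault.socketPerms` is not stated here; listing it next to `socketPath` would make that advice actionable. For `template`, since `%h` expands the hostname taken from the active tab's URI into a file path component, it would help readers to say whether and how the `\fIscheme\fR` and `\fIhostname\fR` parts are validated before substitution.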