diff options
Diffstat (limited to 'icevault.1')
-rw-r--r-- | icevault.1 | 183 |
1 files changed, 0 insertions, 183 deletions
diff --git a/icevault.1 b/icevault.1 deleted file mode 100644 index 1413382..0000000 --- a/icevault.1 +++ /dev/null @@ -1,183 +0,0 @@ -.TH ICEVAULT "1" "March 2015" "icevault" "User Commands" - -.SH NAME -IceVault \- IceVault client user interface - -.SH SYNOPSIS -.B icevault\fR [\fIOPTIONS\fR] [\fBfill\fR] \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -.br -.B icevault\fR [\fIOPTIONS\fR] \fBinsert\fR [\fIidentity\fR] -.br -.B icevault\fR [\fIOPTIONS\fR] \fBdump\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -.br -.B icevault\fR [\fIOPTIONS\fR] \fBclip\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -.br -.B icevault\fR [\fIOPTIONS\fR] \fBedit\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -.br -.B icevault\fR [\fIOPTIONS\fR] \fBls\fR [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]]] - - -.SH DESCRIPTION -.B icevault\fR is an external password/login manager for Firefox. Its -threat model is arguably more secure than the builtin manager's, as the -browser is not granted direct access to the list of known HTML forms nor -their content: instead, managing forms is delegated to a separate -process, the \fBicevault\fR client, and the filling is done by manual -request. -Communication between the \fBicevault\fR client and the browser is done -via a UNIX socket, which the browser creates upon startup; usual UNIX -permissions can (and should) be used to restrict access to the socket. -Further isolation can be achieved by using different UIDs for the -browser and the \fBicevault\fR client. - -Each form is stored in a separate file, encrypted separately with -\fIgpg\fR(1); cleartext are never stored on disk. Form history can be kept -track of by adding the encrypted files to a VCS as binary blobs. File -paths are of the form ".../\fIscheme\fR/\fIhostname\fR/\fIidentity\fR" -where \fIidentity\fR is an arbitrary user-chosen value (allowing -multiple identities for a given site); since the URI of the active tab -can be retrieved from the socket and since the URI of a stored form can -be recovered from its file path, phishing attacks are easily detected. - -Like Firefox's builtin password manager, IceVault has some heuristics to -detect signup and password changing pages. In these cases, and if the -password fields are left blank, the (new) password is randomly chosen -using \fIpwgen\fR(1). - - -.SH COMMANDS -.TP -.B fill\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -If the scheme (resp. hostname) of the active tab of the active window is -not \fIscheme\fR (resp. \fIhostname\fR) the program assumes a phishing -attempt and aborts. Otherwise, the \fIidentity\fR file is decrypted and -used to fill a visible form on the browser. -Form selection is done by matching on the base URI; it fallbacks to the -first form containing a password; and further fallbacks to the first -form with a non-empty field. -Changes to the \fIidentity\fR are detected and can be saved on demand. -If \fIidentity\fR has a single password whereas the webpage has 2 (resp. -3), a signup (resp. password changing) page is assumed, and a new -password is randomly generated using \fIpwgen\fR(1) if the fields are -left blank. - -.TP -.B insert\fR [\fIidentity\fR] -Create a new \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URI available -for further \fBfill\fR and other commands. -Store the first visible form on the active tab of the active window which -contains a password (or the first visible form with a non-empty field if -no visible form has a password). If \fIidentity\fR is omitted, it -defaults to the value of the last textual value before the first -password (or the first textual value if the selected form has no -password). -If the webpage has 2 (resp. 3), a signup (resp. password changing) page -is assumed, and a new password is randomly generated using -\fIpwgen\fR(1) if the fields are left blank. - -.TP -.B dump\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -Decrypt the \fIidentity\fR file and dump its content on the standard -output. Note that while the output is a valid YAML document, original -formatting may not be preserved; in particular, comments and empty lines -are stripped. - -.TP -.B clip\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -Decrypt the \fIidentity\fR file and copy the first password to the -clipboard using \fIxclip\fR(1), with a maximum number of pastes of 1. - -.TP -.B edit\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -Decrypt the \fIidentity\fR file to a temporary file and opens it using -the editor specified by the EDITOR environment variable. When the -editor exits, the file is reencrypted if the SHA-256 digest of its -content differs. Note that formatting and comments may not be preserved -by subsequent updates of the \fIidentity\fR file. - -.TP -.B ls\fR [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]]] -List content of the given identity prefix. - - -.SH OPTIONS -.TP -.B \-\-debug -Turn on debug mode. - -.TP -.B \-h\fR, \fB\-\-help\fR -Output a brief help and exit. - -.TP -.B \-p\fR, \fB\-\-show\-passwords\fR -By default passwords are redacted when printing forms to the standard -output. This flags turns off this behavior. - -.TP -.B \-s\fR \fIsockpath\fR, \fB\-\-socket=\fR\fIsockpath\fR -Specify the path of the UNIX socket used to communicate with the -browser. If the path does not start with a slash "/", it is assumed to -be relative to the default Firefox profile (or first profile found if -there is no default profile) in the "~/.mozilla/firefox" directory. - -.TP -.B \-\-version -Show the version number and exit. - -.TP -.B \-0\fR, \fB\-\-zero -With the \fBls\fR command, use NUL instead of newline as line delimiter. - - -.SH CONFIGURATION FILE - -\fBicevault\fR reads it configuration from -\fI$XDG_CONFIG_HOME/icevault\fR, or \fI~/.config/icevault\fR if -XDG_CONFIG_HOME is unset. -Empty lines and comments (starting with a "#" characters are ignored). -Valid options are: - -.TP -.I gpg -The \fIgpg\fR(1) binary to use. (Default: "gpg".) - -.TP -.I keyid -The OpenPGP key ID used as encryption recipient. Must be given a -64-bits keyid or full fingerprint. - -.TP -.I max-password-length -The maximum length for new passwords. (Default: "32".) - -.TP -.I pwgen -The command to use to generate new random passwords. May contain "%d", -which expands to the password's "maxLength" attribute (capped with the -\fImax-password-length\fR option). The command is expected to output to -the standard output, and may add a newline character afterwards, which -is not considered part of the password. -(Default: "pwgen -s -cyn %d".) - -.TP -.I socket -The path of the UNIX socket used to communicate with the browser. If -the path does not start with a slash "/", it is assumed to be relative -to the default Firefox profile (or first profile found if there is no -default profile) in the "~/.mozilla/firefox" directory. -(Default: "S.IceVault".) - -.TP -.I store -The template mapping \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URIs -to (encrypted) files on disk. Must contain "%s", "%h", and "%i", which -respectively expand to the \fIscheme\fR, \fIhostname\fR and -\fIidentity\fR parts of the URI. -(Default: "$XDG_DATA_HOME/icevault/%s/%h/%i.gpg", or -"~/.data/icevault/%s/%h/%i.gpg" if $XDG_DATA_HOME is unset.) - -.SH AUTHOR -Guilhem Moulin <guilhem@fripost.org> -.SH SEE ALSO -\fBgpg\fR(1) |