From 421e0afd790b5061d3bf71baf2915945cfb584e8 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 27 Mar 2015 01:55:51 +0100 Subject: Configuration validation; separate store/template. --- cli/icevault.1 | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 0eac11f..7db6be9 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -117,9 +117,9 @@ output. This flags turns off this behavior. .TP .B \-s\fR \fIsockpath\fR, \fB\-\-socket=\fR\fIsockpath\fR Specify the path of the UNIX socket used to communicate with the -browser. If the path does not start with a slash "/", it is assumed to -be relative to the default Firefox profile (or first profile found if -there is no default profile) in the "~/.mozilla/firefox" directory. +browser. Can be an absolute path or a path relative to the default +Firefox profile (or first profile found if there is no default profile) +in the "~/.mozilla/firefox" directory. The socket path and permissions can be configured on the Iceweasel/Firefox side with the "extensions.icevault.socketPath" and "extensions.icevault.socketPerms" preferences in "about:config", @@ -144,12 +144,14 @@ Valid options are: .TP .I gpg -The \fIgpg\fR(1) binary to use. (Default: "gpg".) +The \fIgpg\fR(1) command to use. Note that users of GnuPG 1.4.x will +probably want to add the \fB--use-agent\fR option. (Default: "gpg".) .TP .I keyid -The OpenPGP key ID used as encryption recipient. Must be given a -64-bits keyid or full fingerprint. +A comma-separated list of OpenPGP key ID(s) used as encryption +recipient(s). Each component must be given as 64-bits keyid or full +fingerprint. .TP .I max-password-length 
@@ -166,10 +168,10 @@ is not considered part of the password. .TP .I socket -The path of the UNIX socket used to communicate with the browser. If -the path does not start with a slash "/", it is assumed to be relative -to the default Firefox profile (or first profile found if there is no -default profile) in the "~/.mozilla/firefox" directory. +The path of the UNIX socket used to communicate with the browser. Can +be an absolute path or a path relative to the default Firefox profile +(or first profile found if there is no default profile) in the +"~/.mozilla/firefox" directory. The socket path and permissions can be configured on the Iceweasel/Firefox side with the "extensions.icevault.socketPath" and "extensions.icevault.socketPerms" preferences in "about:config", @@ -178,12 +180,18 @@ respectively. .TP .I store +The working directory. Can be an absolute path or a path relative +to \fI$XDG_CONFIG_HOME\fR (or \fI~/.local/share\fR if XDG_CONFIG_HOME is +unset). +(Default: "icevault".) + +.TP +.I template The template mapping \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URIs to (encrypted) files on disk. Must contain "%s", "%h", and "%i", which respectively expand to the \fIscheme\fR, \fIhostname\fR and \fIidentity\fR parts of the URI. -(Default: "$XDG_DATA_HOME/icevault/%s/%h/%i.gpg", or -"~/.data/icevault/%s/%h/%i.gpg" if $XDG_DATA_HOME is unset.) +(Default: "%s/%h/%i.gpg".) .SH AUTHOR Guilhem Moulin -- cgit v1.2.3 From 2da97abb9caf281e159267d4f6d17538a471253c Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 28 Mar 2015 22:01:22 +0100 Subject: icevault [COMMAND] [OPTION ...] [ARG ...] --- cli/icevault.1 | 93 +++++++++++++++++++++++----------------------------------- 1 file changed, 36 insertions(+), 57 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 7db6be9..0768b68 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 
@@ -4,17 +4,7 @@ IceVault \- IceVault client user interface .SH SYNOPSIS -.B icevault\fR [\fIOPTIONS\fR] [\fBfill\fR] \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -.br -.B icevault\fR [\fIOPTIONS\fR] \fBinsert\fR [\fIidentity\fR] -.br -.B icevault\fR [\fIOPTIONS\fR] \fBdump\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -.br -.B icevault\fR [\fIOPTIONS\fR] \fBclip\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -.br -.B icevault\fR [\fIOPTIONS\fR] \fBedit\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -.br -.B icevault\fR [\fIOPTIONS\fR] \fBls\fR [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]]] +.B icevault\fR [\fICOMMAND\fR] [\fIOPTION\fR ...] [\fIARG\fR ...] .SH DESCRIPTION @@ -46,8 +36,10 @@ using \fIpwgen\fR(1). .SH COMMANDS +If \fICOMMAND\fR is omitted, \fBfill\fR is assumed. + .TP -.B fill\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR +.B fill\fR [\fB-f\fR, \fB--force\fR] [\fB-p\fR, \fB--show-passwords\fR] [\fB-s\fR, \fB--socket=\fR\fIPATH\fR] \fIscheme\fR://\fIhostname\fR/\fIidentity\fR If the scheme (resp. hostname) of the active tab of the active window is not \fIscheme\fR (resp. \fIhostname\fR) the program assumes a phishing attempt and aborts. Otherwise, the \fIidentity\fR file is decrypted and 
@@ -60,11 +52,34 @@ If \fIidentity\fR has a single password whereas the webpage has 2 (resp. 3), a signup (resp. password changing) page is assumed, and a new password is randomly generated using \fIpwgen\fR(1) if the fields are left blank. +Use \fB--socket=\fR\fIPATH\fR to specify the path to the IceVault +socket. If \fB-f\fR is set, existing values on the browser are ignored. +Passwords are redacted unless the flag \fB-p\fR is set. + +.TP +.B clip\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR +Decrypt the \fIidentity\fR file and copy its first password to the +clipboard using \fIxclip\fR(1), with a maximum number of pastes of 1. + +.TP +.B dump\fR [\fB-p\fR, \fB--show-passwords\fR] \fIscheme\fR://\fIhostname\fR/\fIidentity\fR +Decrypt the \fIidentity\fR file and dump its content on the standard +output. Note that while the output is a valid YAML document, original +formatting may not be preserved; in particular, comments and empty lines +are stripped. Passwords are redacted unless the flag \fB-p\fR is set. .TP -.B insert\fR [\fIidentity\fR] +.B edit\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR +Decrypt the \fIidentity\fR file to a temporary file and open it using +the editor specified by the EDITOR environment variable (or \fIeditor\fR +if EDITOR is unset). Upon exit, the file is reencrypted if the SHA-256 +digest of its content differs. Note that formatting and comments may +not be preserved by subsequent updates of the \fIidentity\fR file. + +.TP +.B insert\fR [\fB-f\fR, \fB--force\fR] [\fB-s\fR, \fB--socket=\fR\fIPATH\fR] [\fIidentity\fR] Create a new \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URI available -for further \fBfill\fR and other commands. +for further commands. Store the first visible form on the active tab of the active window which contains a password (or the first visible form with a non-empty field if no visible form has a password). If \fIidentity\fR is omitted, it 
@@ -74,33 +89,17 @@ password). If the webpage has 2 (resp. 3), a signup (resp. password changing) page is assumed, and a new password is randomly generated using \fIpwgen\fR(1) if the fields are left blank. +Use \fB--socket=\fR\fIPATH\fR to specify the path to the IceVault +socket. If the flag \fB-f\fR is set, override the \fIidentity\fR file +if it already exists (the default is to abort). .TP -.B dump\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -Decrypt the \fIidentity\fR file and dump its content on the standard -output. Note that while the output is a valid YAML document, original -formatting may not be preserved; in particular, comments and empty lines -are stripped. +.B ls\fR [\fB-0\fR, \fB--zero\fR] [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]]] +List content of the given identity prefix. If the flag \fB-0\fR is set, +use NUL as line separator. -.TP -.B clip\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -Decrypt the \fIidentity\fR file and copy the first password to the -clipboard using \fIxclip\fR(1), with a maximum number of pastes of 1. -.TP -.B edit\fR \fIscheme\fR://\fIhostname\fR/\fIidentity\fR -Decrypt the \fIidentity\fR file to a temporary file and opens it using -the editor specified by the EDITOR environment variable. When the -editor exits, the file is reencrypted if the SHA-256 digest of its -content differs. Note that formatting and comments may not be preserved -by subsequent updates of the \fIidentity\fR file. - -.TP -.B ls\fR [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]]] -List content of the given identity prefix. - - -.SH OPTIONS +.SH GLOBAL OPTIONS .TP .B \-\-debug Turn on debug mode. 
@@ -109,30 +108,10 @@ Turn on debug mode. .B \-h\fR, \fB\-\-help\fR Output a brief help and exit. -.TP -.B \-p\fR, \fB\-\-show\-passwords\fR -By default passwords are redacted when printing forms to the standard -output. This flags turns off this behavior. - -.TP -.B \-s\fR \fIsockpath\fR, \fB\-\-socket=\fR\fIsockpath\fR -Specify the path of the UNIX socket used to communicate with the -browser. Can be an absolute path or a path relative to the default -Firefox profile (or first profile found if there is no default profile) -in the "~/.mozilla/firefox" directory. -The socket path and permissions can be configured on the -Iceweasel/Firefox side with the "extensions.icevault.socketPath" and -"extensions.icevault.socketPerms" preferences in "about:config", -respectively. - .TP .B \-\-version Show the version number and exit. -.TP -.B \-0\fR, \fB\-\-zero -With the \fBls\fR command, use NUL instead of newline as line delimiter. - .SH CONFIGURATION FILE -- cgit v1.2.3 From 0db12ef8b87b37a9b7d55be5f8d4c2545b1dd0e4 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Fri, 27 Mar 2015 03:10:05 +0100 Subject: Add a 'git' command. --- cli/icevault.1 | 47 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 41 insertions(+), 6 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 0768b68..906cc8d 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 
@@ -22,12 +22,14 @@ browser and the \fBicevault\fR client. Each form is stored in a separate file, encrypted separately with \fIgpg\fR(1); cleartext are never stored on disk. Form history can be kept -track of by adding the encrypted files to a VCS as binary blobs. File -paths are of the form ".../\fIscheme\fR/\fIhostname\fR/\fIidentity\fR" -where \fIidentity\fR is an arbitrary user-chosen value (allowing -multiple identities for a given site); since the URI of the active tab -can be retrieved from the socket and since the URI of a stored form can -be recovered from its file path, phishing attacks are easily detected. +track of by versioning the encrypted files to a Git repository as binary +blobs. (Modification of the stored forms are then automatically +committed to said repository.) File paths are of the form +".../\fIscheme\fR/\fIhostname\fR/\fIidentity\fR" where \fIidentity\fR is +an arbitrary user-chosen value (allowing multiple identities for a given +site); since the URI of the active tab can be retrieved from the socket +and since the URI of a stored form can be recovered from its file path, +phishing attacks are easily detected. Like Firefox's builtin password manager, IceVault has some heuristics to detect signup and password changing pages. In these cases, and if the 
@@ -76,6 +78,33 @@ if EDITOR is unset). Upon exit, the file is reencrypted if the SHA-256 digest of its content differs. Note that formatting and comments may not be preserved by subsequent updates of the \fIidentity\fR file. +.TP +.B git\fR \fIGIT-COMMAND\fR [\fIGIT-ARG\fR...] +Pass \fIGIT-COMMAND\fR [\fIGIT-ARG\fR...] as arguments to \fIgit\fR(1) +using the configuration value for \fIstore\fR and that for \fIgit-dir\fR +as the Git working tree and Git repository, respectively. +\fIstore\fR is automatically created if it is not an existing directory. + +It is recommended to initialize the repository as follows: + + \fBicevault git\fR init + echo '*.gpg diff=gpg' >"${XDG_DATA_HOME:-$HOME/.local/share}/icevault/.gitattributes" + \fBicevault git\fR add .gitattributes + \fBicevault git\fR commit \-m 'Add Git attributes for .gpg binary files.' + \fBicevault git\fR config diff.gpg.binary true + \fBicevault git\fR config diff.gpg.textconv 'gpg2 \-o \- \-\-decrypt' + +The textconv config option enable on-the-fly decryption prior to Git +operations such as \fIdiff\fR or \fIgrep\fR, see \fIgitattributes\fR(5). +For instance, grep'ing through the cleartext becomes trivial: + + \fBicevault git\fR grep \-\-textconv \fIpattern\fR + +Signing each commit can be achieved as follows, see \fIgit-config\fR(1): + + \fBicevault git\fR config commit.gpgsign true + \fBicevault git\fR config user.signingkey 0x39278DA8109E6244 + .TP .B insert\fR [\fB-f\fR, \fB--force\fR] [\fB-s\fR, \fB--socket=\fR\fIPATH\fR] [\fIidentity\fR] Create a new \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URI available @@ -121,6 +150,12 @@ XDG_CONFIG_HOME is unset. Empty lines and comments (starting with a "#" characters are ignored). Valid options are: +.TP +.I git-dir +Path to the Git directory. Can be an absolute path or a path relative +to the working directory (specified with \fIstore\fR). +(Default: ".git") + .TP .I gpg The \fIgpg\fR(1) command to use. Note that users of GnuPG 1.4.x will -- cgit v1.2.3 
From ed3adbf9fad33794fe3892bd2598060374cb0b95 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 28 Mar 2015 23:16:10 +0100 Subject: Add a 'reencrypt' command. --- cli/icevault.1 | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 906cc8d..b0308a5 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -127,6 +127,14 @@ if it already exists (the default is to abort). List content of the given identity prefix. If the flag \fB-0\fR is set, use NUL as line separator. +.TP +.B reencrypt\fR [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]] ...] +Reencrypt each given identity prefix(es) with the \fIkeyid\fR(s) found in +the configuration file as recpient(s). If no argument is given, +reencrypt the entire store. If \fIidentity\fR (resp. +\fIidentity\fR/\fIhostname\fR) is omitted, reencrypt all identities +found under \fIscheme\fR://\fIhostname\fR/ (resp. \fIscheme\fR://). + .SH GLOBAL OPTIONS .TP -- cgit v1.2.3 From 157c7d4e24cc11da132fcce30e384970b0aaa005 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 28 Mar 2015 23:51:23 +0100 Subject: Fix 'ls', and add a --recursive flag. --- cli/icevault.1 | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index b0308a5..d49601f 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 
@@ -123,9 +123,12 @@ socket. If the flag \fB-f\fR is set, override the \fIidentity\fR file if it already exists (the default is to abort). .TP -.B ls\fR [\fB-0\fR, \fB--zero\fR] [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]]] +.B ls\fR [\fB-0\fR, \fB--zero\fR] [\fB-r\fR, \fB--recursive\fR] [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]] ...] List content of the given identity prefix. If the flag \fB-0\fR is set, -use NUL as line separator. +use NUL as line separator. If the flag \fB-r\fR is set and +\fIidentity\fR (resp. \fIhostname\fR/\fIidentity\fR) is omitted, list +recursively all identities under \fIscheme\fR://\fIhostname\fR/ (resp. +\fIscheme\fR://). .TP .B reencrypt\fR [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]] ...] -- cgit v1.2.3 From d86d75224bf26aacabb93cd5496e15e03d87753e Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 29 Mar 2015 00:29:52 +0100 Subject: Add 'cp' and 'mv' commands. --- cli/icevault.1 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index d49601f..2e40af3 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -63,6 +63,13 @@ Passwords are redacted unless the flag \fB-p\fR is set. Decrypt the \fIidentity\fR file and copy its first password to the clipboard using \fIxclip\fR(1), with a maximum number of pastes of 1. +.TP +.B cp\fR [\fB-f\fR, \fB--force\fR] \fIscheme\fR://\fIhostname\fR/\fIidentity1\fR \fIscheme\fR://\fIhostname\fR/\fIidentity2\fR +Copy \fIscheme\fR://\fIhostname\fR/\fIidentity1\fR to +\fIscheme\fR://\fIhostname\fR/\fIidentity2\fR. The destination is +reencrypted on the fly. If \fB-f\fR is set, don't ask before overriding +an existing destination identity. + .TP .B dump\fR [\fB-p\fR, \fB--show-passwords\fR] \fIscheme\fR://\fIhostname\fR/\fIidentity\fR Decrypt the \fIidentity\fR file and dump its content on the standard 
@@ -130,6 +137,13 @@ use NUL as line separator. If the flag \fB-r\fR is set and recursively all identities under \fIscheme\fR://\fIhostname\fR/ (resp. \fIscheme\fR://). +.TP +.B mv\fR [\fB-f\fR, \fB--force\fR] \fIscheme\fR://\fIhostname\fR/\fIidentity1\fR \fIscheme\fR://\fIhostname\fR/\fIidentity2\fR +Rename \fIscheme\fR://\fIhostname\fR/\fIidentity1\fR as +\fIscheme\fR://\fIhostname\fR/\fIidentity2\fR. The destination is +reencrypted on the fly. If \fB-f\fR is set, don't ask before overriding +an existing destination identity. + .TP .B reencrypt\fR [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]] ...] Reencrypt each given identity prefix(es) with the \fIkeyid\fR(s) found in -- cgit v1.2.3 From cb159c7f64cc64fafffd9dcc7c605bb12497fd02 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 29 Mar 2015 01:11:30 +0100 Subject: Add a 'rm' command. --- cli/icevault.1 | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 2e40af3..299e591 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -152,6 +152,12 @@ reencrypt the entire store. If \fIidentity\fR (resp. \fIidentity\fR/\fIhostname\fR) is omitted, reencrypt all identities found under \fIscheme\fR://\fIhostname\fR/ (resp. \fIscheme\fR://). +.TP +.B rm\fR [\fB-f\fR, \fB--force\fR] [\fB-r\fR, \fB--recursive\fR] [\fIscheme\fR://[\fIhostname\fR/[\fIidentity\fR]] ...] +Delete the given identity prefix(es). Croak if \fIidentity\fR is +omitted, unless \fB-r\fR is set. If \fB-f\fR is set, don't prompt before +each deletion. + .SH GLOBAL OPTIONS .TP -- cgit v1.2.3 From 1399dc5cf6e5bf1a88cab91c21b2f10ab4be754b Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 29 Mar 2015 21:15:11 +0200 Subject: Be consistent gpg2 vs. gpg. --- cli/icevault.1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 299e591..bd58cdf 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 
@@ -99,7 +99,7 @@ It is recommended to initialize the repository as follows: \fBicevault git\fR add .gitattributes \fBicevault git\fR commit \-m 'Add Git attributes for .gpg binary files.' \fBicevault git\fR config diff.gpg.binary true - \fBicevault git\fR config diff.gpg.textconv 'gpg2 \-o \- \-\-decrypt' + \fBicevault git\fR config diff.gpg.textconv 'gpg \-o \- \-\-decrypt' The textconv config option enable on-the-fly decryption prior to Git operations such as \fIdiff\fR or \fIgrep\fR, see \fIgitattributes\fR(5). -- cgit v1.2.3 From 1f9333be49708ead26a1dba4748775dfeff145e5 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sun, 29 Mar 2015 21:16:30 +0200 Subject: Describe the form selection algorithm in a dedicated section. --- cli/icevault.1 | 36 ++++++++++++++++++++++++++++-------- 1 file changed, 28 insertions(+), 8 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index bd58cdf..8aaa76c 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -45,10 +45,8 @@ If \fICOMMAND\fR is omitted, \fBfill\fR is assumed. If the scheme (resp. hostname) of the active tab of the active window is not \fIscheme\fR (resp. \fIhostname\fR) the program assumes a phishing attempt and aborts. Otherwise, the \fIidentity\fR file is decrypted and -used to fill a visible form on the browser. -Form selection is done by matching on the base URI; it fallbacks to the -first form containing a password; and further fallbacks to the first -form with a non-empty field. +used to fill a visible form on the browser. The HTML form selection +algorithm is described in the \fBHTML FORM SELECTION\fR section. Changes to the \fIidentity\fR are detected and can be saved on demand. If \fIidentity\fR has a single password whereas the webpage has 2 (resp. 3), a signup (resp. password changing) page is assumed, and a new 
@@ -115,10 +113,8 @@ Signing each commit can be achieved as follows, see \fIgit-config\fR(1): .TP .B insert\fR [\fB-f\fR, \fB--force\fR] [\fB-s\fR, \fB--socket=\fR\fIPATH\fR] [\fIidentity\fR] Create a new \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URI available -for further commands. -Store the first visible form on the active tab of the active window which -contains a password (or the first visible form with a non-empty field if -no visible form has a password). If \fIidentity\fR is omitted, it +for further commands. The HTML form selection algorithm is described in +the \fBHTML FORM SELECTION\fR section. If \fIidentity\fR is omitted, it defaults to the value of the last textual value before the first password (or the first textual value if the selected form has no password). @@ -238,6 +234,30 @@ respectively expand to the \fIscheme\fR, \fIhostname\fR and \fIidentity\fR parts of the URI. (Default: "%s/%h/%i.gpg".) +.SH HTML FORM SELECTION +The HTML form selection for the \fBinsert\fR and \fBfill\fR commands is +performed in the following order: + +.nr step 1 1 +.IP \n[step]. 3 +Consider only the visible forms of the active tab of the active window. +.IP \n+[step]. +If there is a matching identity in the store, consider only the forms +with matching action / base URI; and if there is a single match take it +(\fBfill\fR only). +.IP \n+[step]. +If one of the considered forms has a password field and a (possibly +different) non-empty field, take the first one found. +.IP \n+[step]. +Otherwise (if all forms with a password field are empty), and if there +is a form with a password field, take the first one found. +.IP \n+[step]. +Otherwise (if no form has a password field), and if there +is a non-empty form, take the first one found. +form. +.IP \n+[step]. +Otherwise (if all forms are empty), take the first form in the list. + .SH AUTHOR Guilhem Moulin .SH SEE ALSO -- cgit v1.2.3 From c2e536c9ce1be626731bfc177a15ad5d6c45caaf Mon Sep 17 00:00:00 2001 
From: Guilhem Moulin Date: Sun, 29 Mar 2015 21:20:53 +0200 Subject: s/insert/import/g --- cli/icevault.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 8aaa76c..d1a2084 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -111,7 +111,7 @@ Signing each commit can be achieved as follows, see \fIgit-config\fR(1): \fBicevault git\fR config user.signingkey 0x39278DA8109E6244 .TP -.B insert\fR [\fB-f\fR, \fB--force\fR] [\fB-s\fR, \fB--socket=\fR\fIPATH\fR] [\fIidentity\fR] +.B import\fR [\fB-f\fR, \fB--force\fR] [\fB-s\fR, \fB--socket=\fR\fIPATH\fR] [\fIidentity\fR] Create a new \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URI available for further commands. The HTML form selection algorithm is described in the \fBHTML FORM SELECTION\fR section. If \fIidentity\fR is omitted, it @@ -235,7 +235,7 @@ respectively expand to the \fIscheme\fR, \fIhostname\fR and (Default: "%s/%h/%i.gpg".) .SH HTML FORM SELECTION -The HTML form selection for the \fBinsert\fR and \fBfill\fR commands is +The HTML form selection for the \fBimport\fR and \fBfill\fR commands is performed in the following order: .nr step 1 1 -- cgit v1.2.3 From 3d18927234445d5355fb05914c203d6dafa3d656 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 30 Mar 2015 02:24:29 +0200 Subject: Document the configuration syntax. --- cli/icevault.1 | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index d1a2084..81c8322 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 
@@ -173,8 +173,12 @@ Show the version number and exit. \fBicevault\fR reads it configuration from \fI$XDG_CONFIG_HOME/icevault\fR, or \fI~/.config/icevault\fR if -XDG_CONFIG_HOME is unset. -Empty lines and comments (starting with a "#" characters are ignored). +the XDG_CONFIG_HOME environment variable is unset. +Options given on the command line override those found in the +configuration file. +The syntax of the configuration file is a serie of +\fIOPTION\fR=\fIVALUE\fR lines; +everything after a "#" is considered a comment and ignored. Valid options are: .TP -- cgit v1.2.3 From 3b2e8ee11ecd3fa8604f0d503c6732b99f2d24ea Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 30 Mar 2015 02:25:17 +0200 Subject: Make it clearer that 'keyid' is required. --- cli/icevault.1 | 1 + 1 file changed, 1 insertion(+) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 81c8322..5052416 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -197,6 +197,7 @@ probably want to add the \fB--use-agent\fR option. (Default: "gpg".) A comma-separated list of OpenPGP key ID(s) used as encryption recipient(s). Each component must be given as 64-bits keyid or full fingerprint. +(Required.) .TP .I max-password-length -- cgit v1.2.3 From 821ff99e80961888fd05ea05ad66889708f77cb7 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 30 Mar 2015 02:25:43 +0200 Subject: manpage wibble --- cli/icevault.1 | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 5052416..46e80e5 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 
@@ -184,13 +184,15 @@ Valid options are: .TP .I git-dir Path to the Git directory. Can be an absolute path or a path relative -to the working directory (specified with \fIstore\fR). +to the working directory (specified with the \fIstore\fR configuration +option). (Default: ".git") .TP .I gpg -The \fIgpg\fR(1) command to use. Note that users of GnuPG 1.4.x will -probably want to add the \fB--use-agent\fR option. (Default: "gpg".) +The \fIgpg\fR(1) command to use. Users of GnuPG 1.4.x will probably +want to add the \fB--use-agent\fR and possibly \fB--batch\fR options. +(Default: "gpg".) .TP .I keyid @@ -227,8 +229,8 @@ respectively. .TP .I store The working directory. Can be an absolute path or a path relative -to \fI$XDG_CONFIG_HOME\fR (or \fI~/.local/share\fR if XDG_CONFIG_HOME is -unset). +to the XDG_DATA_HOME environment variable (or \fI~/.local/share\fR if +XDG_DATA_HOME is unset). (Default: "icevault".) .TP @@ -259,7 +261,6 @@ is a form with a password field, take the first one found. .IP \n+[step]. Otherwise (if no form has a password field), and if there is a non-empty form, take the first one found. -form. .IP \n+[step]. Otherwise (if all forms are empty), take the first form in the list. -- cgit v1.2.3 From 5af89eb57e11b29dfd82d3a52618b0c0dad1b24a Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 30 Mar 2015 03:38:38 +0200 Subject: Replace " with \(rq / \(rq in the manpage. --- cli/icevault.1 | 89 ++++++++++++++++++++++++++++++++++------------------------ 1 file changed, 52 insertions(+), 37 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 46e80e5..b8c089b 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -8,6 +8,7 @@ IceVault \- IceVault client user interface .SH DESCRIPTION +.PP .B icevault\fR is an external password/login manager for Firefox. Its threat model is arguably more secure than the builtin manager's, as the browser is not granted direct access to the list of known HTML forms nor 
@@ -19,18 +20,18 @@ via a UNIX socket, which the browser creates upon startup; usual UNIX permissions can (and should) be used to restrict access to the socket. Further isolation can be achieved by using different UIDs for the browser and the \fBicevault\fR client. - +.PP Each form is stored in a separate file, encrypted separately with \fIgpg\fR(1); cleartext are never stored on disk. Form history can be kept track of by versioning the encrypted files to a Git repository as binary blobs. (Modification of the stored forms are then automatically committed to said repository.) File paths are of the form -".../\fIscheme\fR/\fIhostname\fR/\fIidentity\fR" where \fIidentity\fR is -an arbitrary user-chosen value (allowing multiple identities for a given -site); since the URI of the active tab can be retrieved from the socket -and since the URI of a stored form can be recovered from its file path, -phishing attacks are easily detected. - +\(lq.../\fIscheme\fR/\fIhostname\fR/\fIidentity\fR\(rq where +\fIidentity\fR is an arbitrary user-chosen value (allowing multiple +identities for a given site); since the URI of the active tab can be +retrieved from the socket and since the URI of a stored form can be +recovered from its file path, phishing attacks are easily detected. +.PP Like Firefox's builtin password manager, IceVault has some heuristics to detect signup and password changing pages. In these cases, and if the password fields are left blank, the (new) password is randomly chosen 
@@ -90,25 +91,39 @@ using the configuration value for \fIstore\fR and that for \fIgit-dir\fR as the Git working tree and Git repository, respectively. \fIstore\fR is automatically created if it is not an existing directory. +.RS It is recommended to initialize the repository as follows: - \fBicevault git\fR init - echo '*.gpg diff=gpg' >"${XDG_DATA_HOME:-$HOME/.local/share}/icevault/.gitattributes" - \fBicevault git\fR add .gitattributes - \fBicevault git\fR commit \-m 'Add Git attributes for .gpg binary files.' - \fBicevault git\fR config diff.gpg.binary true - \fBicevault git\fR config diff.gpg.textconv 'gpg \-o \- \-\-decrypt' +.nf +.RS +\fBicevault git\fR init +echo '*.gpg diff=gpg' >"${XDG_DATA_HOME:-$HOME/.local/share}/icevault/.gitattributes" +\fBicevault git\fR add .gitattributes +\fBicevault git\fR commit \-m 'Add Git attributes for .gpg binary files.' +\fBicevault git\fR config diff.gpg.binary true +\fBicevault git\fR config diff.gpg.textconv 'gpg \-o \- \-\-decrypt' +.RE +.fi The textconv config option enable on-the-fly decryption prior to Git operations such as \fIdiff\fR or \fIgrep\fR, see \fIgitattributes\fR(5). For instance, grep'ing through the cleartext becomes trivial: - \fBicevault git\fR grep \-\-textconv \fIpattern\fR +.nf +.RS +\fBicevault git\fR grep \-\-textconv \fIpattern\fR +.RE +.fi Signing each commit can be achieved as follows, see \fIgit-config\fR(1): - \fBicevault git\fR config commit.gpgsign true - \fBicevault git\fR config user.signingkey 0x39278DA8109E6244 +.nf +.RS +\fBicevault git\fR config commit.gpgsign true +\fBicevault git\fR config user.signingkey 0x39278DA8109E6244 +.RE +.fi +.RE .TP .B import\fR [\fB-f\fR, \fB--force\fR] [\fB-s\fR, \fB--socket=\fR\fIPATH\fR] [\fIidentity\fR] 
@@ -178,21 +193,21 @@ Options given on the command line override those found in the configuration file. The syntax of the configuration file is a serie of \fIOPTION\fR=\fIVALUE\fR lines; -everything after a "#" is considered a comment and ignored. -Valid options are: +everything after a \(lq#\(rq character is considered a comment and +ignored. Valid options are: .TP .I git-dir Path to the Git directory. Can be an absolute path or a path relative to the working directory (specified with the \fIstore\fR configuration option). -(Default: ".git") +(Default: \(lq.git\(rq) .TP .I gpg The \fIgpg\fR(1) command to use. Users of GnuPG 1.4.x will probably want to add the \fB--use-agent\fR and possibly \fB--batch\fR options. -(Default: "gpg".) +(Default: \(lqgpg\(rq.) .TP .I keyid 
@@ -203,43 +218,43 @@ fingerprint. .TP .I max-password-length -The maximum length for new passwords. (Default: "32".) +The maximum length for new passwords. (Default: \(lq32\(rq.) .TP .I pwgen -The command to use to generate new random passwords. May contain "%d", -which expands to the password's "maxLength" attribute (capped with the -\fImax-password-length\fR option). The command is expected to output to -the standard output, and may add a newline character afterwards, which -is not considered part of the password. -(Default: "pwgen \-s \-cyn %d".) +The command to use to generate new random passwords. May contain +\(lq%d\(rq, which expands to the password's \(lqmaxLength\(rq attribute +(capped with the \fImax-password-length\fR option). The command is +expected to output to the standard output, and may add a newline +character afterwards, which is not considered as part of the password. +(Default: \(lqpwgen \-s \-cyn %d\(rq.) .TP .I socket The path of the UNIX socket used to communicate with the browser. Can be an absolute path or a path relative to the default Firefox profile (or first profile found if there is no default profile) in the -"~/.mozilla/firefox" directory. +\(lq~/.mozilla/firefox\(rq directory. The socket path and permissions can be configured on the -Iceweasel/Firefox side with the "extensions.icevault.socketPath" and -"extensions.icevault.socketPerms" preferences in "about:config", -respectively. -(Default: "S.IceVault".) +Iceweasel/Firefox side with the \(lqextensions.icevault.socketPath\(rq +and \(lqextensions.icevault.socketPerms\(rq preferences in +\(lqabout:config\(rq, respectively. +(Default: \(lqS.IceVault\(rq.) .TP .I store The working directory. Can be an absolute path or a path relative to the XDG_DATA_HOME environment variable (or \fI~/.local/share\fR if XDG_DATA_HOME is unset). -(Default: "icevault".) +(Default: \(lqicevault\(rq.) 
.TP .I template The template mapping \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URIs -to (encrypted) files on disk. Must contain "%s", "%h", and "%i", which -respectively expand to the \fIscheme\fR, \fIhostname\fR and -\fIidentity\fR parts of the URI. -(Default: "%s/%h/%i.gpg".) +to (encrypted) files on disk. Must contain \(lq%s\(rq, \(lq%h\(rq, and +\(lq%i\(rq, which respectively expand to the \fIscheme\fR, +\fIhostname\fR and \fIidentity\fR parts of the URI. +(Default: \(lq%s/%h/%i.gpg\(rq.) .SH HTML FORM SELECTION The HTML form selection for the \fBimport\fR and \fBfill\fR commands is -- cgit v1.2.3 From 1703c96398f9fa202f00a01e46c45ffb6eb2fe25 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 30 Mar 2015 17:16:49 +0200 Subject: wibble --- cli/icevault.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index b8c089b..7eb268c 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -99,9 +99,9 @@ It is recommended to initialize the repository as follows: \fBicevault git\fR init echo '*.gpg diff=gpg' >"${XDG_DATA_HOME:-$HOME/.local/share}/icevault/.gitattributes" \fBicevault git\fR add .gitattributes -\fBicevault git\fR commit \-m 'Add Git attributes for .gpg binary files.' +\fBicevault git\fR commit \-m 'Add an attribute for .gpg binary files.' \fBicevault git\fR config diff.gpg.binary true -\fBicevault git\fR config diff.gpg.textconv 'gpg \-o \- \-\-decrypt' +\fBicevault git\fR config diff.gpg.textconv 'gpg \-o \- \-\-decrypt \-\-' .RE .fi -- cgit v1.2.3 From e27989d46022f18d7937017a1f41f05c4378fe3a Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 30 Mar 2015 22:03:16 +0200 Subject: Prefer single quotes in the manpage. --- cli/icevault.1 | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 7eb268c..88c0902 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 
@@ -193,7 +193,7 @@ Options given on the command line override those found in the
 configuration file.
 The syntax of the configuration file is a serie of
 \fIOPTION\fR=\fIVALUE\fR lines;
-everything after a \(lq#\(rq character is considered a comment and
+everything after a \(oq#\(cq character is considered a comment and
 ignored. Valid options are:
 
 .TP
@@ -223,7 +223,7 @@ The maximum length for new passwords. (Default: \(lq32\(rq.)
 .TP
 .I pwgen
 The command to use to generate new random passwords. May contain
-\(lq%d\(rq, which expands to the password's \(lqmaxLength\(rq attribute
+\(oq%d\(cq, which expands to the password's \(oqmaxLength\(cq attribute
 (capped with the \fImax-password-length\fR option). The command is
 expected to output to the standard output, and may add a newline
 character afterwards, which is not considered as part of the password.
@@ -234,11 +234,11 @@ character afterwards, which is not considered as part of the password.
 The path of the UNIX socket used to communicate with the browser. Can
 be an absolute path or a path relative to the default Firefox profile
 (or first profile found if there is no default profile) in the
-\(lq~/.mozilla/firefox\(rq directory.
+\(oq~/.mozilla/firefox\(cq directory.
 The socket path and permissions can be configured on the
-Iceweasel/Firefox side with the \(lqextensions.icevault.socketPath\(rq
-and \(lqextensions.icevault.socketPerms\(rq preferences in
-\(lqabout:config\(rq, respectively.
+Iceweasel/Firefox side with the \(oqextensions.icevault.socketPath\(cq
+and \(oqextensions.icevault.socketPerms\(cq preferences in
+\(oqabout:config\(cq, respectively.
 (Default: \(lqS.IceVault\(rq.)
 
 .TP
@@ -251,8 +251,8 @@ XDG_DATA_HOME is unset). .TP .I template The template mapping \fIscheme\fR://\fIhostname\fR/\fIidentity\fR URIs -to (encrypted) files on disk. Must contain \(lq%s\(rq, \(lq%h\(rq, and -\(lq%i\(rq, which respectively expand to the \fIscheme\fR, +to (encrypted) files on disk. Must contain \(oq%s\(cq, \(oq%h\(cq, and +\(oq%i\(cq, which respectively expand to the \fIscheme\fR, \fIhostname\fR and \fIidentity\fR parts of the URI. (Default: \(lq%s/%h/%i.gpg\(rq.) -- cgit v1.2.3 From 020ac04b7f743b707538fd40ae85ee862cdc31ec Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 31 Mar 2015 22:14:34 +0200 Subject: Add --quiet to the default gpg options. --- cli/icevault.1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 88c0902..4138348 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 @@ -101,7 +101,7 @@ echo '*.gpg diff=gpg' >"${XDG_DATA_HOME:-$HOME/.local/share}/icevault/.gitattrib \fBicevault git\fR add .gitattributes \fBicevault git\fR commit \-m 'Add an attribute for .gpg binary files.' \fBicevault git\fR config diff.gpg.binary true -\fBicevault git\fR config diff.gpg.textconv 'gpg \-o \- \-\-decrypt \-\-' +\fBicevault git\fR config diff.gpg.textconv 'gpg \-qo \- \-\-decrypt \-\-' .RE .fi @@ -207,7 +207,7 @@ option). .I gpg The \fIgpg\fR(1) command to use. Users of GnuPG 1.4.x will probably want to add the \fB--use-agent\fR and possibly \fB--batch\fR options. -(Default: \(lqgpg\(rq.) +(Default: \(lqgpg \-\-quiet\(rq.) .TP .I keyid -- cgit v1.2.3 From 6db424f4a8fc0586237157dd9cc5d0ca350535b2 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 1 Sep 2015 02:33:54 +0200 Subject: Use groff's mailto markup. --- cli/icevault.1 | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'cli/icevault.1') diff --git a/cli/icevault.1 b/cli/icevault.1 index 4138348..a0f0946 100644 --- a/cli/icevault.1 +++ b/cli/icevault.1 
@@ -280,6 +280,9 @@ is a non-empty form, take the first one found. Otherwise (if all forms are empty), take the first form in the list. .SH AUTHOR -Guilhem Moulin +Written by Guilhem Moulin +.MT guilhem@fripost.org +.ME . + .SH SEE ALSO \fBgpg\fR(1) -- cgit v1.2.3