Resend pinentry options during PASSWD and SAVE.

[libpwmd.git] / doc / tutorial.lyx

#LyX 2.0 created this file. For more info see http://www.lyx.org/
\lyxformat 413
\begin_document
\begin_header
\textclass docbook
\use_default_options false
\maintain_unincluded_children false
\language english
\language_package default
\inputencoding auto
\fontencoding global
\font_roman default
\font_sans default
\font_typewriter default
\font_default_family default
\use_non_tex_fonts false
\font_sc false
\font_osf false
\font_sf_scale 100
\font_tt_scale 100

\graphics default
\default_output_format default
\output_sync 0
\bibtex_command default
\index_command default
\paperfontsize default
\spacing single
\use_hyperref false
\papersize default
\use_geometry false
\use_amsmath 0
\use_esint 0
\use_mhchem 1
\use_mathdots 1
\cite_engine basic
\use_bibtopic false
\use_indices false
\paperorientation portrait
\suppress_date false
\use_refstyle 0
\index Index
\shortcut idx
\color #008000
\end_index
\secnumdepth 3
\tocdepth 3
\paragraph_separation indent
\paragraph_indentation default
\quotes_language english
\papercolumns 1
\papersides 1
\paperpagestyle default
\tracking_changes false
\output_changes false
\html_math_output 0
\html_css_as_file 0
\html_be_strict false
\end_header

\begin_body

\begin_layout Title
Libpwmd Tutorial
\end_layout

\begin_layout Date
2-4-2013
\end_layout

\begin_layout Author
Ben Kibbey
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
bjk@luxsci.net
\end_layout

\end_inset


\end_layout

\begin_layout Author
\begin_inset CommandInset toc
LatexCommand tableofcontents

\end_inset


\end_layout

\begin_layout Section
Introduction
\end_layout

\begin_layout Standard
This is a tutorial showing the basic usage of libpwmd
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
http://libpwmd.sourceforge.net/
\end_layout

\end_inset

.
 Libpwmd
\emph on
 
\emph default
is a library making it easy for applications to use pwmd
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
http://pwmd.sourceforge.net/
\end_layout

\end_inset

 (
\emph on
Password Manager Daemon).
 Password Manager Daemon
\emph default
 is a universal data server.
 It began as a way to keep track of my passwords for accounts like email
 and websites but can be used to store anything you want.
\end_layout

\begin_layout Standard
There are other password management tools but pwmd has a couple of distinguishin
g features:
\end_layout

\begin_layout Itemize
It does not depend on a desktop environment but has the ability for applications
 to connect to it like a desktop solution provides.
\end_layout

\begin_layout Itemize
Some portion of a stored data can be shared with another portion in the
 same data file.
 This feature behaves a lot like a symbolic link on a file system, XML entities,
 or HTML targets if you're familiar with those, but implemented in a different
 way.
 This means less duplication of content.
 See 
\begin_inset CommandInset ref
LatexCommand ref
reference "sec:Linking-elements"

\end_inset

 for details.
\end_layout

\begin_layout Itemize
The XML document is encrypted with libgcrypt and can also use gpg-agent.
 Libgcrypt provides symmetric encryption while gpg-agent supports both PKI
 and smartcards.
\end_layout

\begin_layout Standard
Other features include:
\end_layout

\begin_layout Itemize
Multi-threaded.
 More than one client may access the same data file while optionally locking
 out other clients.
\end_layout

\begin_layout Itemize
Secure memory management.
 Pwmd will zero out memory before freeing it and the contents of the cached
 document are encrypted.
\end_layout

\begin_layout Itemize
Remote connections over TLS with client certificates used as authentication.
\end_layout

\begin_layout Itemize
Remote connections over SSH.
\end_layout

\begin_layout Section
File Format and Element Paths
\end_layout

\begin_layout Standard
The document is saved as an XML document and is manipulated by commands
 sent from a client.
 Commands that access data take what is called an 
\emph on
element path
\emph default
 as an argument.
 An element path is a character string containing XML element names representing
 branches of an element tree.
 The branches are separated with a TAB (ASCII 0x09) character.
 Why a TAB? So other characters can be used in the element name.
 If for example a '/' were used as the separator, then a URL (i.e., http://sf.net/)
 could not be used as an element name.
\end_layout

\begin_layout Standard
For the rest of this tutorial, when you see <TAB>, replace it with a real
 TAB character.
 For example, the element path "root<TAB>child<TAB>last" has the following
 element tree:
\end_layout

\begin_layout Code
<root>
\end_layout

\begin_layout Code
    <child>
\end_layout

\begin_layout Code
        <last>
\end_layout

\begin_layout Code
Content or XML CDATA of the "last" element.
\end_layout

\begin_layout Code
        </last>
\end_layout

\begin_layout Code
    </child>
\end_layout

\begin_layout Code
</root>
\end_layout

\begin_layout Standard
I should say that the XML structure that pwmd uses is a little more complicated.
 It really looks like the following internally, but we will use the above
 format in this tutorial for simplicity:
\end_layout

\begin_layout Code
<element _name="root">
\end_layout

\begin_layout Code
    <element _name="child">
\end_layout

\begin_layout Code
        <element _name="last">
\end_layout

\begin_layout Code
Content or CDATA of the "last" element.
\end_layout

\begin_layout Code
        </element>
\end_layout

\begin_layout Code
    </element>
\end_layout

\begin_layout Code
</element>
\end_layout

\begin_layout Standard
Every element created has an element named 
\emph on
element
\emph default
 with an attribute 
\emph on
_name
\emph default
 associated with it.
 The value of the 
\emph on
_name
\emph default
 attribute is what an element in an element path refers to.
 It is done this way so that a wider range of characters can be used in
 an element name while maintaining valid XML.
 In fact the only restriction of an element name is that it not contain
 whitespace characters and not begin with an exclamation point (ASCII 0x21
 or !).
 See 
\emph on

\begin_inset CommandInset ref
LatexCommand ref
reference "sec:Linking-elements"

\end_inset

 
\emph default
for an exception.
\end_layout

\begin_layout Standard
There is one other difference from your normal XML document in that only
 the first match of an element is considered for the current element tree
 depth.
 When an element of the current depth of an element tree is found, the next
 element in the element path is searched for beginning at the child node
 of the found element.
 From the example above:
\end_layout

\begin_layout Code
<root>
\end_layout

\begin_layout Code
    <child>
\end_layout

\begin_layout Code
        <last>
\end_layout

\begin_layout Code
Content or XML CDATA of the "last" element.
\end_layout

\begin_layout Code
        </last>
\end_layout

\begin_layout Code
    </child>
\end_layout

\begin_layout Code
    <child>
\end_layout

\begin_layout Code
This element will never be reached.
\end_layout

\begin_layout Code
    </child>
\end_layout

\begin_layout Code
</root>
\end_layout

\begin_layout Standard
The second "child" element is never reached.
\end_layout

\begin_layout Section
Connecting to PWMD
\end_layout

\begin_layout Standard
You will need a 
\emph on
pwmd
\emph default
 client to send commands to the pwmd server.
 
\emph on
libpwmd
\emph default
 includes a client named 
\emph on
pwmc
\emph default
.
 It is command-line based and there are not any fancy graphics, but it is
 good for understanding how 
\emph on
pwmd
\emph default
 commands are processed.
 If you want a more user friendly client that resembles a file manager and
 has a point and click interface, try QPwmc 
\begin_inset Foot
status collapsed

\begin_layout Plain Layout
http://qpwmc.sourceforge.net/
\end_layout

\end_inset

 which uses the Qt4 toolkit and is also a full featured client.
\end_layout

\begin_layout Standard
In this tutorial we will use the 
\emph on
pwmc
\emph default
 client included with libpwmd.
 
\emph on
pwmc
\emph default
 has two modes that commands are read from: interactive and stdin.
 The interactive mode uses the readline library and has command history,
 while reading from standard input (stdin) makes shell scripting and automation
 easy.
 For the examples, we will be connecting to the default local unix domain
 socket that pwmd waits for connections on.
 Remote connections are possible over TLS or an SSH channel but those are
 not covered here.
 Read the pwmc(1) manual page for details about how to do that.
\end_layout

\begin_layout Standard
The example filename we will use is "datafile".
 It is initially a non-existent file but it will be created once we have
 saved to it.
 Now let us connect to the server in interactive mode and open the data
 file:
\end_layout

\begin_layout Code
$ pwmc datafile
\end_layout

\begin_layout Code
Connected.
\end_layout

\begin_layout Code
pwm>
\end_layout

\begin_layout Standard
The "pwm>" prompt is a readline prompt that has command history and can
 do filename completion.
 It also is annoying because, as mentioned, elements in element paths are
 TAB delimited, but command completion in readline uses the TAB character,
 too.
 To insert a real TAB character in interactive mode rather than do readline
 completion, you will need to first press CTRL-V and then press TAB.
\end_layout

\begin_layout Section
Commands
\end_layout

\begin_layout Standard
There are two different types of commands: client commands and protocol
 commands.
 The client commands are 
\emph on
pwmc
\emph default
 specific and only available to the 
\emph on
pwmc
\emph default
 client.
 Protocol commands are commands sent from any client and to the 
\emph on
pwmd
\emph default
 server.
 All pwmc client commands are prefixed with a dot '.' followed by the command
 name.
 Protocol commands are sent without any prefix.
 To see the available pwmc and protocol commands, send the HELP command:
\end_layout

\begin_layout Code
pwm> .help
\end_layout

\begin_layout Standard
or
\end_layout

\begin_layout Code
pwm> help
\end_layout

\begin_layout Standard
To store some data in an element path, you will need to know what element
 path to create.
 It is up to you how you want your data organized.
 If for example you will be storing account information it may be good to
 categorize what the account is for: email, instant messaging, blogging,
 etc.
 An application that uses libpwmd may require that a certain element path
 exists.
 Refer to that applications documentation to determine what element paths
 need to be created.
\end_layout

\begin_layout Standard
In the following example we will setup mail server element paths which can
 be used for other applications requiring a mail server configuration.
 First, lets create the hostname element path:
\end_layout

\begin_layout Code
pwm> STORE
\end_layout

\begin_layout Standard
The STORE command is a 
\emph on
pwmd
\emph default
 protocol command.
 This and a few other commands, use what is called a 
\emph on
server inquire
\emph default
 to retrieve data from the client while other commands retrieve the data
 only from the command arguments.
 The server inquire will wait for the client to finish sending its data
 before completing the command.
 When responding to a server inquire in pwmc, pwmc will show a message telling
 you that it is waiting for data to be sent.
 Enter the element path and its content, then press <CTRL-D> twice to finish
 sending the data and to let 
\emph on
pwmd
\emph default
 complete the command:
\end_layout

\begin_layout Code
pwm> STORE
\end_layout

\begin_layout Code
email<TAB>isp<TAB>IMAP<TAB>hostname<TAB>imap.server.com<CTRL-D><CTRL-D>
\end_layout

\begin_layout Standard
Remember that you should replace <TAB> in the examples with a real TAB character.
 It should be known that when sending data via a server inquire there is
 no need to press <CTRL-V> to insert the <TAB> character.
 That is only needed to be done from the readline command prompt and when
 not doing a server inquire.
\end_layout

\begin_layout Standard
After pressing the first <CTRL-D>, the characters that were entered are
 sent to 
\emph on
pwmd
\emph default
 and the inquire continues.
 To terminate the inquire and finish sending data for the command press
 <CTRL-D> a second time.
\end_layout

\begin_layout Standard
If you were to have pressed <RETURN> before any <CTRL-D> then the inquired
 line would have been sent in full including a newline character.
 Since in this example a newline character in a hostname is not a valid
 hostname, this is not what we want.
\end_layout

\begin_layout Standard
We have just created an element path whose XML structure looks like the
 following:
\end_layout

\begin_layout Code
<email>
\end_layout

\begin_layout Code
    <isp>
\end_layout

\begin_layout Code
        <IMAP>
\end_layout

\begin_layout Code
            <hostname>imap.server.com</hostname>
\end_layout

\begin_layout Code
        </IMAP>
\end_layout

\begin_layout Code
    </isp>
\end_layout

\begin_layout Code
</email>
\end_layout

\begin_layout Standard
The GET protocol command returns the value, or content, of the last element
 of an element path.
 To retrieve the hostname of the element path we just created, do:
\end_layout

\begin_layout Code
pwm> GET email<TAB>isp<TAB>IMAP<TAB>hostname
\end_layout

\begin_layout Code
imap.server.com
\end_layout

\begin_layout Standard
Remember that in interactive mode and when not doing a server inquire, you
 will need to press <CTRL-V> before pressing <TAB>.
\end_layout

\begin_layout Standard
Let us create the rest of the needed elements:
\end_layout

\begin_layout Code
pwm> STORE
\end_layout

\begin_layout Code
email<TAB>isp<TAB>IMAP<TAB>port<TAB>993<CTRL-D><CTRL-D>
\end_layout

\begin_layout Code
pwm> STORE
\end_layout

\begin_layout Code
email<TAB>isp<TAB>IMAP<TAB>ssl<TAB>1<CTRL-D><CTRL-D>
\end_layout

\begin_layout Code
pwm> STORE
\end_layout

\begin_layout Code
email<TAB>isp<TAB>username<TAB>myusername<CTRL-D><CTRL-D>
\end_layout

\begin_layout Code
pwm> STORE
\end_layout

\begin_layout Code
email<TAB>isp<TAB>password<TAB>mypassword<CTRL-D><CTRL-D>
\end_layout

\begin_layout Standard
Now the element structure for the "email" element looks like this:
\end_layout

\begin_layout Code
<email>
\end_layout

\begin_layout Code
    <isp>
\end_layout

\begin_layout Code
        <IMAP>
\end_layout

\begin_layout Code
              <hostname>imap.server.com</hostname>
\end_layout

\begin_layout Code
              <port>993</port>
\end_layout

\begin_layout Code
              <ssl>1</ssl>
\end_layout

\begin_layout Code
        </IMAP>
\end_layout

\begin_layout Code
        <username>myusername</username>
\end_layout

\begin_layout Code
        <password>mypassword</password>
\end_layout

\begin_layout Code
    </isp>
\end_layout

\begin_layout Code
</email>
\end_layout

\begin_layout Standard
If you wanted to change your password (after changing it on the mail server,
 of course) just do as you did when initially creating the password element
 path.
 The new content will overwrite the existing content:
\end_layout

\begin_layout Code
pwm> STORE
\end_layout

\begin_layout Code
email<TAB>isp<TAB>password<TAB>newpassword<CTRL-D><CTRL-D>
\end_layout

\begin_layout Standard
An application using libpwmd that needs to know mail server information
 now has all the information it needs.
 The only thing left to do now is to save the changes:
\end_layout

\begin_layout Code
pwm> <CTRL-D>
\end_layout

\begin_layout Standard
After pressing <CTRL-D> a prompt will be shown asking what to do next.
 Press 
\begin_inset Quotes eld
\end_inset

s
\begin_inset Quotes erd
\end_inset

 to save what we have created.
\end_layout

\begin_layout Standard
Since this is a new file, you will be prompted for a passphrase to use for
 encryption.
 Once done, the data file is encrypted and written to disk and the passphrase
 is cached in pwmd so you do not need to enter it the next time your data
 file is opened or saved.
 There are a few pwmd configuration parameters and commands that affect
 how this operates.
 See the 
\emph on
pwmd
\emph default
 documentation for details.
\end_layout

\begin_layout Section
\begin_inset CommandInset label
LatexCommand label
name "sec:Linking-elements"

\end_inset

Linking elements
\end_layout

\begin_layout Standard
One distinguishing feature of pwmd is the ability to share data of one element
 path with another.
 If for example your ISP lets you host a blog on their server and you use
 a blogging client that can use libpwmd for authentication details, you
 can share authentication information with the email example above when
 the account details are the same.
 When element linking is used, this avoids the need to change the content
 for both the blogging and email password elements.
\end_layout

\begin_layout Standard
This is done by setting a special 
\begin_inset Quotes eld
\end_inset

target
\begin_inset Quotes erd
\end_inset

 attribute for an element.
 It behaves similarly to the HTML 
\begin_inset Quotes eld
\end_inset

target
\begin_inset Quotes erd
\end_inset

 attribute or XML entities or a symbolic link on a filesystem.
 
\end_layout

\begin_layout Standard
Let's create an example blogging element path:
\end_layout

\begin_layout Code
pwm> STORE
\end_layout

\begin_layout Code
blog<TAB>isp<TAB>hostname<TAB>blog.myisp.com<CTRL-D><CTRL-D>
\end_layout

\begin_layout Code

\end_layout

\begin_layout Code
pwm> ATTR SET target blog<TAB>isp<TAB>username email<TAB>isp<TAB>username
\end_layout

\begin_layout Code
pwm> ATTR SET target blog<TAB>isp<TAB>password email<TAB>isp<TAB>password
\end_layout

\begin_layout Standard
Now each access of the "blog/isp/username" and "blog/isp/password" element
 paths, which were created if they did not already exist, will point to
 "email/isp/username" and "email/isp/password", respectively.
 To retrieve the value or content of an element that contains a "target"
 attribute without following any 
\begin_inset Quotes eld
\end_inset

target
\begin_inset Quotes erd
\end_inset

 attribute, prefix the element with a '!' when specifying it in an element
 path.
 For example:
\end_layout

\begin_layout Code
pwm> GET blog<TAB>isp<TAB>!password
\end_layout

\begin_layout Code
ERR 536870938: No value
\end_layout

\begin_layout Standard
An error is returned because we have not assigned a value to the literal
 element.
 A literal element is an element that either contains no "target" attribute
 or ignores it by prefixing the element with the mentioned literal element
 character '!'.
 Let us try storing an example password to the literal element to show usage:
\end_layout

\begin_layout Code
pwmd> STORE
\end_layout

\begin_layout Code
blog<TAB>isp<TAB>!password<TAB>literalpassword<CTRL-D><CTRL-D>
\end_layout

\begin_layout Standard
Now when we redo the previous GET command:
\end_layout

\begin_layout Code
pwm> GET blog<TAB>isp<TAB>!password
\end_layout

\begin_layout Code
literalpassword
\end_layout

\begin_layout Standard
This is the value of the literal password element of the element path.
 To follow the element path stored in the "target" attribute, omit the '!'
 in the password element.
 This will return the 
\begin_inset Quotes eld
\end_inset

email/isp/password
\begin_inset Quotes erd
\end_inset

 element content:
\end_layout

\begin_layout Code
pwm> GET blog<TAB>isp<TAB>password
\end_layout

\begin_layout Code
mypassword
\end_layout

\begin_layout Standard
A "target" attribute may also refer to another element with a "target" attribute.
 Every "target" attribute will be followed until there are no others to
 resolve.
 To get the real element path and resolve all "target" attributes, use the
 REALPATH command:
\end_layout

\begin_layout Code
pwm> REALPATH blog<TAB>isp<TAB>password
\end_layout

\begin_layout Code
!email<TAB>!isp<TAB>!password
\end_layout

\begin_layout Standard
As you can see each element is prefixed with the literal '!' character meaning
 that no "target" attribute exists in any element of the resulting element
 path.
\end_layout

\begin_layout Standard
Using the LIST command is useful to show the element structure of a document:
\end_layout

\begin_layout Code
pwm> LIST
\end_layout

\begin_layout Code
!email
\end_layout

\begin_layout Code
!blog
\end_layout

\begin_layout Code
pwm> LIST !email
\end_layout

\begin_layout Code
!email
\end_layout

\begin_layout Code
!email<TAB>!isp
\end_layout

\begin_layout Code
!email<TAB>!isp<TAB>!username
\end_layout

\begin_layout Code
!email<TAB>!isp<TAB>!password
\end_layout

\begin_layout Code
!email<TAB>!isp<TAB>!IMAP<TAB>!hostname
\end_layout

\begin_layout Code
!email<TAB>!isp<TAB>!IMAP<TAB>!port
\end_layout

\begin_layout Code
!email<TAB>!isp<TAB>!IMAP<TAB>!ssl
\end_layout

\begin_layout Code
pwm> LIST !blog
\end_layout

\begin_layout Code
!blog
\end_layout

\begin_layout Code
!blog<TAB>!isp
\end_layout

\begin_layout Code
!blog<TAB>!isp<TAB>!username
\end_layout

\begin_layout Code
!blog<TAB>!isp<TAB>username
\end_layout

\begin_layout Code
!blog<TAB>!isp<TAB>!password
\end_layout

\begin_layout Code
!blog<TAB>!isp<TAB>password
\end_layout

\begin_layout Standard
Notice that there are two username and password elements in the 
\begin_inset Quotes eld
\end_inset

blog
\begin_inset Quotes erd
\end_inset

 element path: each with and without the literal element character prefix.
 This shows that both the username and password elements contain a "target"
 attribute.
\end_layout

\begin_layout Standard
For the final example, we will remove the 
\begin_inset Quotes eld
\end_inset

target
\begin_inset Quotes erd
\end_inset

 attribute of the blogging password element:
\end_layout

\begin_layout Code
pwm> ATTR DELETE target blog<TAB>isp<TAB>!password
\end_layout

\begin_layout Standard
If we were to have omitted the '!' from the password element then pwmd would
 try to remove the "target" attribute from the "email/isp/password" element
 path.
 That would return an error because no 
\begin_inset Quotes eld
\end_inset

target
\begin_inset Quotes erd
\end_inset

 attribute had been set for that element.
\end_layout

\begin_layout Standard
Note that the "blog" and "isp" elements have no literal element character
 prepended to them in the example.
 It is not needed because they have no 
\begin_inset Quotes eld
\end_inset

target
\begin_inset Quotes erd
\end_inset

 attribute themselves.
\end_layout

\begin_layout Standard
Using 
\begin_inset Quotes eld
\end_inset

target
\begin_inset Quotes erd
\end_inset

 attributes can be confusing.
 The best way to get the hang of linking elements is to experiment and use
 the LIST and DUMP commands to show the document structure.
 Remember to use the literal element prefix '!' when you do not want to
 follow any "target" attributes.
\end_layout

\end_body
\end_document