From e7350b5a861b46fd2f53b230311721a931e50169 Mon Sep 17 00:00:00 2001
From: Ben Kibbey
Date: Mon, 25 Feb 2013 22:11:45 -0500
Subject: [PATCH] Minor doc updates and fixes.
---
 doc/libpwmd.3 | 12 ++++++------
 doc/pwmc.1.in | 9 ++++++++-
 src/libpwmd.h.in | 40 ++++++++++++++++++----------------------
 3 files changed, 32 insertions(+), 29 deletions(-)
diff --git a/doc/libpwmd.3 b/doc/libpwmd.3
index a437c653..9de8705f 100644
--- a/doc/libpwmd.3
+++ b/doc/libpwmd.3
@@ -1,4 +1,4 @@
-.TH "libpwmd.h" 3 "Sun Feb 24 2013" "Version 7.0.0" "libpwmd" \" -*- nroff -*-
+.TH "libpwmd.h" 3 "Mon Feb 25 2013" "Version 7.0.0" "libpwmd" \" -*- nroff -*-
 .ad l
 .nh
 .SH NAME
@@ -11,9 +11,9 @@ libpwmd is a library making it easy for applications to use the pwmd server\&. P
 \fBlibpwmd\fP should be thread-safe on a per handle bases\&. Meaning that only one thread should access a \fBpwm_t\fP handle at a time\&.
 .SH "Remote Connection Details"
 .PP
-There are two methods of connecting to a remote pwmd server: an SSH channel, or over TLS\&. Connections over SSH are less reliable than TLS connections since a proxy program is needed to connect to the pwmd UNIX Domain Socket\&. The kernel that pwmd runs under may buffer the UDS data before it reaches the proxy program and there isn't a portable way to modify kernel buffer settings\&. For larger transfers of data this is noticeable by the hanging of the command that initiated the transfer\&.
+There are two methods of connecting to a remote pwmd server: over SSH and over TLS\&.
 .PP
-If you really do need an SSH connection you can do so by using an SSH channel to spawn a shell that executes a proxy server to connect to the pwmd local Unix Domain Socket\&. Authentication is done by using SSH public key (see \fBssh-keygen(1)\fP) authentication and verifying the host key against a local OpenSSH known hosts formatted file\&.
+Connections over SSH are done by creating an SSH channel to spawn a shell that executes a proxy server to connect to the pwmd local Unix Domain Socket\&. Authentication is done by using SSH public key (see \fBssh-keygen(1)\fP) authentication and verifying the host key against a local OpenSSH known hosts formatted file\&.
 .PP
 An unknown servers public key can be added to a known hosts file after user confirmation by setting the callback function \fBpwmd_knownhost_cb_t\fP before connecting to the unknown host\&.
 .PP
@@ -35,9 +35,9 @@ Only an SSH identity without a passphrase is supported\&. For now anyway\&. This
 6\&.0\&.3 The first version to use the OpenSSH known hosts file format exclusively\&. Earlier versions used only an SHA1 hash of the host key\&.
 .RE
 .PP
-As mentioned, TLS connections are more reliable since there is no proxy program needed to connect to the pwmd server\&. pwmd itself can accept TLS connections and like SSH connections they are created with \fBpwmd_connect()\fP\&. You'll need to generate a client key and X509 certificate then sign it with the same certificate authority (CA) that the pwmd server certificate was signed with\&.
+Pwmd itself can accept TLS connections so no proxy program is needed as is when using SSH\&. Like SSH connections, TLS connections are created with \fBpwmd_connect()\fP\&. You will need to generate a client key and X509 certificate and then sign it with the same certificate authority (CA) that the pwmd server certificate was signed with\&.
 .PP
-Certificates are similar to SSH public and private keys but a little harder to get setup correctly\&. See the \fBcerttool(1)\fP (recommended) and \fBopenssl(1)\fP manual pages for details\&.
+Certificates are similar to SSH public and private keys but a little harder to setup correctly\&. See the \fBcerttool(1)\fP (recommended) and \fBopenssl(1)\fP manual pages for details\&.
 .SH "Pinentry Details"
 .PP
 \fBpinentry(1)\fP is a program that prompts the user for input which is normally a passphrase or a confirmation\&. libpwmd can use this program either locally (X11 forwarding is not yet supported) or have the pwmd server or gpg-agent use it's pinentry to retrieve a passphrase when needed\&.
@@ -286,7 +286,7 @@ Remote connections over an SSH channel\&. \fBSee Also:\fP
 .SS "\fBpwm_t\fP"
 .PP
-libpwmd handle\&. When a handle or context is mentioned in this documentation it is a pointer of this type\&. A new handle is created with \fBpwmd_new()\fP\&.
+A libpwmd handle\&. When a pwmd handle or context is mentioned in this documentation it is a pointer of this type\&. A new handle is created with \fBpwmd_new()\fP\&.
 .SS "pwmd_inquire_cb_t"
 .PP
diff --git a/doc/pwmc.1.in b/doc/pwmc.1.in
index 7da702b6..db2a336e 100644
--- a/doc/pwmc.1.in
+++ b/doc/pwmc.1.in
@@ -19,7 +19,7 @@
 \\$2 \(laURL: \\$1 \(ra\\$3
 ..
 .if \n[.g] .mso www.tmac
-.TH PWMC 1 "24 Feb 2013" "@VERSION@" "Password Manager Client"
+.TH PWMC 1 "25 Feb 2013" "@VERSION@" "Password Manager Client"
 .SH NAME
 pwmc \- send a command to a pwmd server
@@ -544,6 +544,13 @@ Connect to a remote pwmd server over TLS, interactively:
 .RS
 .I pwmc --url tls://hostname --ca-cert cafile.pem --client-cert client.pem --client-key clientkey.pem filename
 .RE
+.P
+Connect to a remote pwmd server over TLS and generate a new keypair
+for a data file that may not already exist using a keyfile as
+passphrase and inquire data from a file descriptor:
+.RS
+.I pwmc --url tls://hostname --ca-cert cafile.pem --client-cert client.pem --client-key clientkey.pem --inquire STORE --inquire-line 'some\\\\telement\\\\t' --inquire-fd 3 --key-file old_key --new-key-file new_key --cipher serpent128 --cipher-iterations 4000 --key-params '(genkey (rsa (nbits 4:1024)))' -S datafile 3