1 <?xml version="1.0" encoding="utf-8" standalone="no"?>
3 <!DOCTYPE reference PUBLIC "-//OASIS/DTD DocBook XML V4.5//EN"
4 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
11 <firstname>Petr</firstname>
12 <surname>Písař</surname>
15 <simpara>He's written Shigofumi and libisds.</simpara>
18 <productname>Shigofumi</productname>
21 <title>Manual for Shigofumi</title>
24 <refentry id="shigofumi.1">
26 <refentrytitle>shigofumi</refentrytitle>
27 <manvolnum>1</manvolnum>
31 <refname>shigofumi</refname>
32 <refpurpose>ISDS client</refpurpose>
37 <command>shigofumi</command>
38 <arg choice="opt"><option>-c</option> <replaceable>FILE</replaceable></arg>
42 <command>shigofumi</command>
43 <arg choice="opt"><option>-c</option> <replaceable>FILE</replaceable></arg>
44 <arg choice="plain"><option>-e</option>
45 <replaceable>COMMANDS</replaceable></arg>
49 <command>shigofumi</command>
50 <arg choice="plain"><option>-V</option></arg>
55 <title>Description</title>
57 <para>Shigofumi is an <abbrev>ISDS</abbrev> client based on libisds
58 library. The client can access <abbrev>ISDS</abbrev>, processes local
59 message and delivery details, and submit file to authorized
62 <para>Shigofumi is command line oriented program. Once you start it, use
63 <command>help</command> to get list of embedded commands. Use
64 <command>help <replaceable>COMMAND</replaceable></command> to get
65 details about selected <replaceable>COMMAND</replaceable>. Be ware
66 that command listing changes contextually. User can use casual
67 readline shortcuts for line editing (like tab completing).</para>
69 <para>While transmitting data over Internet, a progress-bar is updated.
70 User can cancel current network operation by emitting SIGINT signal
71 (<keycombo><keycap>Ctrl</keycap><keycap>C</keycap></keycombo>
76 <title>Options</title>
80 <term><option>-c <replaceable>FILE</replaceable></option></term>
82 <simpara>Use configuration <replaceable>FILE</replaceable> instead
83 of default one.</simpara>
88 <term><option>-e <replaceable>COMMANDS</replaceable></option></term>
90 <simpara>Run shigofumi in batch mode: execute each command and
91 terminate then.</simpara>
93 <simpara>Commands are delimited by new line (<literal>\n</literal>
94 or <literal>\r</literal>). If any command fails, other commands
95 will not be processed and shigofumi will quit immediately with
96 non-zero exit code. If all commands succeed, shigofumi will return
100 <title>Authorized Conversion from Shell</title>
102 <programlisting>$ shigofumi -e 'convert /etc/passwd'</programlisting>
104 <simpara>The command submits <filename>/etc/passwd</filename>
105 file to authorized conversion. Although it's syntactically
106 correct, it will fail because plain text files are not allowed
107 to be converted. Check always return code in your scripts.</simpara>
113 <term><option>-V</option></term>
115 <simpara>Show program version and linked libraries details and
123 <title>Shigofumi Command Language</title>
125 <simpara>The language is straightforward. Each command is one case sensitive
126 word followed by (empty) sequence of arguments. Command and arguments
127 are separated by one or more white spaces. If you need to embed white
128 space into argument, use backslash (<literal>\</literal>) to escape
129 it. If you need to write backslash, escape it with backslash again.
130 String quotation is not currently supported.</simpara>
132 <simpara>If argument type is file name, you can use tilde symbol
133 (<literal>~</literal>) as abbreviation for user's home directory. Home
134 directory is derived from <envar>HOME</envar> environment
137 <simpara>Command names, file names and message identifiers can be
138 completed by pressing completion key (depends on readline
139 configuration, <keycap>Tab</keycap> usually). They are expanded only
140 after commands expecting argument of appropriate type.</simpara>
142 <simpara>Set of available commands changes with context.
143 <abbrev>E.g.</abbrev> If a message is loaded, commands for message
144 operation like save to file will become available. Also meaning of the
145 same command can change. <abbrev>E.g.</abbrev> <command>show</command>
146 command will print list of incoming messages if such list is
147 loaded; if a message is loaded, prints the message. List of currently
148 available commands can be obtained by <command>help</command>
151 <simpara>Syntax help for a command is printed after calling command with
152 invalid option or by <command>help</command> command with interested
153 command as first argument. Command option <option>-h</option> is
154 reserved as invalid option and shows always command usage.</simpara>
158 <title><abbrev>ISDS</abbrev></title>
160 <para><abbrev>ISDS</abbrev> (<phrase lang="cs">Informační systém
161 datových schránek</phrase> / Data Box Information System)
162 is defined by <ulink url="http://portal.gov.cz/zakon/300/2008">Czech <abbrev>ISDS</abbrev> Act (300/2008 <abbrev>Coll.</abbrev>)</ulink>
163 and implied documents.</para>
165 <para>The system is designed to deliver messages between public
166 authorities (government, courts <abbrev>etc.</abbrev>) and other
167 entities (corporations, persons, other government or municipality
168 offices) in reliable and traceable way.</para>
170 <para>Shigofumi implements following <abbrev>ISDS</abbrev> operations:
171 <simplelist type="inline"><member>Log in by name and password</member>
172 <member>Incoming and outgoing message listing</member>
173 <member>Accepting commercial message</member>
174 <member>Retrieving incoming and outgoing message</member>
175 <member>Explicit marking a message as read</member>
176 <member>Verifying message hash</member>
177 <member>Getting message hash stored in ISDS</member>
178 <member>Retrieving delivery details</member>
179 <member>Sending a message to one or more recipients</member>
180 <member>Searching a box by any criteria</member>
181 <member>Getting a box status</member>
182 <member>Changing user password</member>
183 <member>Getting user password expiration time</member>
184 <member>Getting details about user's box</member>
185 <member>Listing box users</member>
186 </simplelist>.</para>
188 <para>In addition, Shigofumi can save a message and delivery details
189 into local file and load it later again. Program can save each
190 document into local file (except XML documents).</para>
194 <title>Authorized conversion</title>
196 <para>Czech government offers a document conversion from digital to analogue
197 form and vice versa preserving legal impacts. This is done at Czech POINT
198 meeting place (in government, municipality or post office usually). Visit <ulink
199 url="https://www.czechpoint.cz/">Czech POINT web site</ulink> for more
202 <para>Shigofumi allows to submit a digital document (local file or
203 document delivered by an <abbrev>ISDS</abbrev> message) for
204 authorized conversion into Czech POINT deposit. If deposit accepts
205 the document, it will return a document identifier that user is
206 required to tell to an officer in a office where he wants to obtain
207 analogue version of his document.</para>
209 <para>Please note the deposit keeps submitted document for limited
210 period only. Old documents (30 days currently) are removed
211 automatically. Note also PDF documents with valid digital signature
212 can be converted only.</para>
219 <term><filename>~/.shigofumirc</filename></term>
221 <simpara>Default configuration file location.</simpara>
228 <title>See Also</title>
230 <link linkend="shigofumirc.5">
232 <refentrytitle>shigofumirc</refentrytitle>
233 <manvolnum>5</manvolnum>
241 <refentry id="shigofumirc.5">
243 <refentrytitle>shigofumirc</refentrytitle>
244 <manvolnum>5</manvolnum>
248 <refname>shigofumirc</refname>
249 <refpurpose>Configuration file for Shigofumi</refpurpose>
253 <title>Description</title>
255 <para>Configuration for shigofumi is loaded from
256 <filename>.shigofumirc</filename> in user's home directory by
259 <para>The file is plain text file with simple syntax: Setting is stored
260 in <replaceable>option</replaceable> <literal>=</literal>
261 <replaceable>value</replaceable> format. If value is a type of string,
262 it must be delimited by quotation marks. Boolean values can be
263 expressed as <literal>"true"</literal> or non-zero integer
264 (<literal>1</literal>) for affirmation, or <literal>"false"</literal>
265 or zero integer (<literal>0</literal>) for negation. Simple numeric
266 values are unquoted. Commentary starts with hash sign
267 (<literal>#</literal>) and continues to the end of the line.</para>
269 <para>If an option accepts list of values, the syntax is traditional
270 mathematical set notation: <literal>{</literal>
271 <replaceable>value1</replaceable> <literal>,</literal>
272 <replaceable>value2</replaceable> <literal>}</literal>.</para>
276 <title>Options</title>
278 <para>Following options are recognized. Not all of them must present.
279 Missing options fall to default value back.</para>
282 <title>Account Options</title>
286 <term><literal>base_url</literal></term>
288 <simpara>Base <abbrev>URL</abbrev> for <abbrev>ISDS</abbrev>
289 server. Be carefull when setting this value: This can reveal
290 your password to bad guys running fake server (if you do not
291 verify server identity preciously) and different host names
292 are used with different log-in mechanism. In addition, there
293 are two system instances administred by Czech government:
294 official one and testing one.</simpara>
296 <simpara><abbrev>E.g.</abbrev> use
297 <literal>"https://ws1.czebox.cz/"</literal> for testing
299 <literal>"https://ws1.mojedatovaschranka.cz/"</literal> for
300 official instance with valid and legal data when loging in
301 without <abbrev>TLS</abbrev> client certificate. Otherwise,
302 with client certificate in use, replace the
303 <literal>ws1</literal> domain with <literal>ws1c</literal>
304 domain. <abbrev>I.e.</abbrev>
305 <literal>"https://ws1c.czebox.cz/"</literal> for testing
307 <literal>"https://ws1c.mojedatovaschranka.cz/"</literal> for
308 offical instance.</simpara>
310 <simpara>Do not forget on leading protocol schema and trailing
311 slash. Default value is official instance locator provided by
312 libisds library.</simpara>
317 <term><literal>password</literal></term>
319 <simpara>Password assigned to given user-name. User must keep it
320 in secret. This password is used while HTTP authentication and
321 is passed to underlying network libraries. Make sure this
322 configuration file or your swap partition (network library
323 together with password can be swapped out during physical
324 memory outage) will not get to bad guys. Encrypt them before.
325 Default value is empty string.</simpara>
330 <term><literal>username</literal></term>
332 <simpara><abbrev>ISDS</abbrev> user log-in name. Identifies
333 a user in <abbrev>ISDS</abbrev>. One person can have more
334 identities. Default value is empty string.</simpara>
341 <title><abbrev>TLS</abbrev> Options</title>
345 <term><literal>ca_directory</literal></term>
347 <simpara>Path to directory with trusted authorities certificates
348 stored in separate files (files must have special names
349 usually). Default value is provided by underlying
350 cryptographic library. Exact meaning of this option depends
351 on interpretation by used cryptographic library.</simpara>
356 <term><literal>ca_file</literal></term>
358 <simpara>Path to file with trusted authorities certificates
359 (concatenated list of PEM-formatted certificates).
360 Default value is provided by underlying cryptographic library.
361 Exact meaning of this option depends on interpretation by used
362 cryptographic library.</simpara>
367 <term><literal>crl_file</literal></term>
369 <simpara>Path to file with certificate revocation lists
370 (concatenated list of CRLs in PEM format usually).
371 Default value is provided by underlying cryptographic library.
372 Exact meaning of this option depends on interpretation by used
373 cryptographic library.</simpara>
378 <term><literal>verify_server</literal></term>
380 <simpara>Boolean switch deciding whether server identity should
381 be verified. When using <abbrev>HTTPS</abbrev> connection to
382 the server, the identity of server can be verified in
383 <abbrev>TLS</abbrev> negotiation phase by validating server
384 certificate against trusted certificate authority certificate
385 and certificate revocation list. Default value is true. It's
386 strongly recommended to keep it on.</simpara>
393 <title>Network Options</title>
397 <term><literal>timeout</literal></term>
399 <simpara>Non-negative integer setting network time-out in
400 milliseconds. Use 0 not to limit any network operation.
401 Default value is 10,000 ms.</simpara>
408 <title>Log Options</title>
411 <term><literal>log_facilities</literal></term>
413 <para>List of string values selecting libisds facility to
414 log. Valid values are: <simplelist type="inline">
415 <member><literal>none</literal></member>
416 <member><literal>http</literal></member>
417 <member><literal>soap</literal></member>
418 <member><literal>isds</literal></member>
419 <member><literal>file</literal></member>
420 <member><literal>sec</literal></member>
421 <member><literal>xml</literal></member>
422 <member><literal>all</literal></member>
424 Default set is <literal>{"none"}</literal>.
430 <term><literal>log_file</literal></term>
432 <simpara>String value selecting file to append
433 <abbrev>ISDS</abbrev> log. The log catches libisds internal
434 debugging protocol. It does not cover messages produces by
435 shigofumi itself. This feature is designed to debug underlying
436 libraries and protocols like <abbrev>ISDS</abbrev>
437 <abbrev>SOAP</abbrev> or cURL's <abbrev>HTTP(S)</abbrev>.
438 If undefined, shigofumi logs to standard error output.</simpara>
443 <term><literal>log_level</literal></term>
445 <simpara>Integer value setting log verbosity of libisds from
446 interval <0;100>. 0 is no logging, 10 is critical
447 messages, 20 errors, 30 warnings, 40 informative messages,
448 50 debug messages, 100 messages of all severities. Default
449 log level is 20.</simpara>
456 <title>Other Options</title>
459 <term><literal>normalize_mime_type</literal></term>
461 <simpara>Boolean switch deciding whether <abbrev>MIME</abbrev>
462 type of documents retrieved from a message should be normalized
463 to standard values. Default value is true.</simpara>
465 <simpara><abbrev>ISDS</abbrev> does not check document
466 <abbrev>MIME</abbrev> type a client supplies. Unfortunately,
467 official client sends invalid values (file name extension
468 usually). This option allows Shigofumi to fix the type
469 on-the-fly. Be ware the original value stored in
470 <abbrev>ISDS</abbrev> or locally saved message keeps
478 <term><literal></literal></term>
486 <title>Notice on cryptographic library</title>
488 <para>Shigofumi uses libisds that utilizes cURL library that can use
489 three different cryptographic libraries at this time: OpenSSL, GnuTLS
490 and NSS. Each library has different set of features and different
491 configuration. Thus exact meaning of some Shigofumi configuration
492 options can be slightly shifted (<abbrev>e.g.</abbrev> the
493 name of client certificate and key). Some options cannot be understood
494 at all (<abbrev>e.g.</abbrev> GnuTLS does not support directory of
495 certificates).</para>
497 <para>Current cryptographic library can be determined from
498 <command>shigofumi -V</command> output.</para>
505 <term><filename>~/.shigofumirc</filename></term>
507 <simpara>Default location of the configuration file.</simpara>
514 <title>Example</title>
515 <programlisting><![CDATA[base_url = "https://ws1.czebox.cz/"
516 # These credentials are invalid
520 ca_file = /etc/ssl/certs/ca-certificates.crt
521 ca_directory = /etc/ssl/certs
522 crl_file = /etc/ssl/crl
523 log_facilities = {"http", "soap"}
528 <title>See Also</title>
530 <link linkend="shigofumi.1">
532 <refentrytitle>shigofumi</refentrytitle>
533 <manvolnum>1</manvolnum>