Reintegrate all functionali...
Marco Ricci authored 2 months ago
|
1) # derivepassphrase-vault(1)
2)
3) ## NAME
4)
5) derivepassphrase-vault – derive a passphrase using the vault(1)
6) derivation scheme
7)
8) ## SYNOPSIS
9)
10) ````
11) derivepassphrase vault [OPTIONS] [SERVICE]
12) ````
13)
14) ## DESCRIPTION
15)
16) Using a master passphrase or a master SSH key, derive a passphrase for
17) <i>SERVICE</i>, subject to length, character and character repetition
18) constraints. The derivation is cryptographically strong, meaning that even
19) if a single passphrase is compromised, guessing the master passphrase or
20) a different service's passphrase is computationally infeasible. The
21) derivation is also deterministic, given the same inputs, thus the resulting
22) passphrase need not be stored explicitly. The service name and constraints
23) themselves also need not be kept secret; the latter are usually stored in
24) a world-readable file.
25)
26) If operating on global settings, or importing/exporting settings, then
27) <i>SERVICE</i> must be omitted. Otherwise it is required.
28)
29) ## OPTIONS
30)
31) ### Password generation
32)
33) <b>-p</b>, <b>-</b><b>-phrase</b>
34) : prompts you for your passphrase
35)
36) <b>-k</b>, <b>-</b><b>-key</b>
37) : uses your SSH private key to generate passwords
38)
39) <b>-l</b>, <b>-</b><b>-length</b> <var>NUMBER</var>
40) : emits password of length <var>NUMBER</var>
41)
42) <b>-r</b>, <b>-</b><b>-repeat</b> <var>NUMBER</var>
43) : allows maximum of <var>NUMBER</var> repeated adjacent chars
44)
45) <b>-</b><b>-lower</b> <var>NUMBER</var>
46) : includes at least <var>NUMBER</var> lowercase letters
47)
48) <b>-</b><b>-upper</b> <var>NUMBER</var>
49) : includes at least <var>NUMBER</var> uppercase letters
50)
51) <b>-</b><b>-number</b> <var>NUMBER</var>
52) : includes at least <var>NUMBER</var> digits
53)
54) <b>-</b><b>-space</b> <var>NUMBER</var>
55) : includes at least <var>NUMBER</var> spaces
56)
57) <b>-</b><b>-dash</b> <var>NUMBER</var>
58) : includes at least <var>NUMBER</var> `-` or `_`
59)
60) <b>-</b><b>-symbol</b> <var>NUMBER</var>
61) : includes at least <var>NUMBER</var> symbol chars
62)
63) Use <var>NUMBER</var>=0, e.g. `--symbol 0`, to exclude a character type from
64) the output.
65)
66) ### Configuration
67)
68) <b>-n</b>, <b>-</b><b>-notes</b>
69) : spawn an editor to edit notes for <var>SERVICE</var>
70)
71) <b>-c</b>, <b>-</b><b>-config</b>
72) : saves the given settings for <var>SERVICE</var> or global
73)
74) <b>-x</b>, <b>-</b><b>-delete</b>
75) : deletes settings for <var>SERVICE</var>
76)
77) <b>-</b><b>-delete-globals</b>
78) : deletes the global shared settings
79)
80) <b>-X</b>, <b>-</b><b>-clear</b>
81) : deletes all settings
82)
83) Use `$VISUAL` or `$EDITOR` to configure the spawned editor.
84)
85) ### Storage management
86)
87) <b>-e</b>, <b>-</b><b>-export</b> <var>PATH</var>
88) : export all saved settings into file <var>PATH</var>
89)
90) <b>-i</b>, <b>-</b><b>-import</b> <var>PATH</var>
91) : import saved settings from file <var>PATH</var>
92)
93) Using `-` as <var>PATH</var> for standard input/standard output is supported.
94)
95) ### Other Options
96)
97) <b>--version</b>
98) : Show the version and exit.
99)
100) <b>-h</b>, <b>-</b><b>-help</b>
101) : Show this message and exit.
102)
103) ## WARNINGS
104)
105) There is **no way** to retrieve the generated passphrases if the master
106) passphrase, the SSH key, or the exact passphrase settings are lost,
107) short of trying out all possible combinations. You are **strongly**
108) advised to keep independent backups of the settings and the SSH key, if
109) any.
110)
111) The configuration is **not** encrypted, and you are **strongly**
112) discouraged from using a stored passphrase.
113)
114) ## SEE ALSO
115)
116) [derivepassphrase(1)](derivepassphrase.1.md),
|
Reintegrate all functionali...