diff options
| author | James Crayne <jim.crayne@gmail.com> | 2015-06-24 03:37:09 -0400 |
|---|---|---|
| committer | James Crayne <jim.crayne@gmail.com> | 2015-06-24 03:42:39 -0400 |
| commit | aa82708a6ee2ff26c093dbd3e25fea8ceed349aa (patch) | |
| tree | 3cceda23eed927ae8f91cf97d43f2d147b1fdfe0 /kiki.hs | |
| parent | cdcf38baa587a7d44d200dd4fa33a5b20a8765c9 (diff) | |
Improving documentation...
Diffstat (limited to 'kiki.hs')
| -rw-r--r-- | kiki.hs | 157 |
1 files changed, 91 insertions, 66 deletions
| @@ -513,7 +513,11 @@ kiki_usage bExport bImport bSecret cmd = putStr $ | |||
| 513 | ," [--wallets FILE ...]" | 513 | ," [--wallets FILE ...]" |
| 514 | ,"" | 514 | ,"" |
| 515 | ," sync-secret syncs the information inside your OpenGPG keyring with information" | 515 | ," sync-secret syncs the information inside your OpenGPG keyring with information" |
| 516 | ," in other files. Information flows both in and out of your keyring." | 516 | ," in other files. Information flows both in and out of your keyring. This one command" |
| 517 | ," is powerful enough to impliment all the functionality of kiki commands in the import-*," | ||
| 518 | ," export-*, and sync-* families. Those other commands are mainly added to facilitate" | ||
| 519 | ," a redundant safe gaurd which restricts the flow of information in such a way that is" | ||
| 520 | ," theoretically less error prone." | ||
| 517 | ,"" | 521 | ,"" |
| 518 | ," sync-secret works by first creating a combined database containing all information" | 522 | ," sync-secret works by first creating a combined database containing all information" |
| 519 | ," and then updating all files (including OpenGPG files, as well as files specified as" | 523 | ," and then updating all files (including OpenGPG files, as well as files specified as" |
| @@ -531,10 +535,10 @@ kiki_usage bExport bImport bSecret cmd = putStr $ | |||
| 531 | ," specified, they will all have the same keys after the the operation completes." | 535 | ," specified, they will all have the same keys after the the operation completes." |
| 532 | ,"" | 536 | ,"" |
| 533 | ," The --hosts option is experimental and may be removed in the future. Any files given" | 537 | ," The --hosts option is experimental and may be removed in the future. Any files given" |
| 534 | ," as arguments to this option will be assumed to be in the format /etc/hosts, and will" | 538 | ," as arguments to this option will be assumed to be in the format of /etc/hosts, and will" |
| 535 | ," be updated with any hostname information currently stored within your OpenGPG keyring." | 539 | ," be updated with any hostname information currently stored within your OpenGPG keyring." |
| 536 | ," Additionally, if the file has hostnames for the ip corresponding to a master key, then" | 540 | ," Additionally, if the file has hostnames for the ip corresponding to a master key, then" |
| 537 | ," then the mastekey is updated with unsigned annotations recording the additional hostnames." | 541 | ," then the masterkey is updated with unsigned annotations recording the additional hostnames." |
| 538 | ," Warning: this effects all master keys, regardless of whether they have secret key" | 542 | ," Warning: this effects all master keys, regardless of whether they have secret key" |
| 539 | ," information, hence the annotations being unsigned." | 543 | ," information, hence the annotations being unsigned." |
| 540 | ,"" | 544 | ,"" |
| @@ -545,33 +549,7 @@ kiki_usage bExport bImport bSecret cmd = putStr $ | |||
| 545 | ," If KEYSPEC arguments appear prior to any of --keyrings, --wallets, or --hosts," | 549 | ," If KEYSPEC arguments appear prior to any of --keyrings, --wallets, or --hosts," |
| 546 | ," then they are interpretted as if arguments to --keypairs." | 550 | ," then they are interpretted as if arguments to --keypairs." |
| 547 | ,"" | 551 | ,"" |
| 548 | ,"FLAGS" | 552 | ] ++ syncflags ++ specifyingFiles |
| 549 | ," --help Gives usage information" | ||
| 550 | ,"" | ||
| 551 | ," --homedir PATH Specifies the path where pubring.gpg and secring.gpg are located." | ||
| 552 | ," Typically this would be your ~/.gnupg or the contents of the" | ||
| 553 | ," GNUPGHOME environment variable." | ||
| 554 | ,"" | ||
| 555 | ," --passphrase-fd FD The file descriptor from which to read a passphrase." | ||
| 556 | ,"" | ||
| 557 | ," --import Update home keyring files (pubring.gpg and secring.gpg) with" | ||
| 558 | ," new master keys found in the input files specified by the" | ||
| 559 | ," --keyrings option. Note that new subkeys for known master-key" | ||
| 560 | ," identities will be imported regardless." | ||
| 561 | ,"" | ||
| 562 | ," --import-if-authentic" | ||
| 563 | ," Like --import except that it requires a signature from the" | ||
| 564 | ," working key on any new identities that are imported into the" | ||
| 565 | ," home keyring files." | ||
| 566 | ,"" | ||
| 567 | ," --autosign Create or sign a self-authenticating UID based on tor key." | ||
| 568 | ," Combine this with --import-if-authentic to import self-authenticating" | ||
| 569 | ," identities that may not have previously been signed." | ||
| 570 | ,"" | ||
| 571 | ," --show-wk After the operation completes, output the possibly modified working" | ||
| 572 | ," key identity information." | ||
| 573 | ,"" | ||
| 574 | ] ++ syncflags | ||
| 575 | "sync-public" -> unlines $ | 553 | "sync-public" -> unlines $ |
| 576 | ["kiki sync-public [options...]" | 554 | ["kiki sync-public [options...]" |
| 577 | ,"" | 555 | ,"" |
| @@ -592,7 +570,7 @@ kiki_usage bExport bImport bSecret cmd = putStr $ | |||
| 592 | ," specifying a substring of an associated UID." | 570 | ," specifying a substring of an associated UID." |
| 593 | ,"" | 571 | ,"" |
| 594 | ," (See 'kiki help spec' for more information.)" | 572 | ," (See 'kiki help spec' for more information.)" |
| 595 | ] ++ syncflags | 573 | ] ++ syncflags ++ specifyingFiles |
| 596 | "import-secret" -> unlines $ | 574 | "import-secret" -> unlines $ |
| 597 | ["kiki import-secret [options...]" | 575 | ["kiki import-secret [options...]" |
| 598 | ,"" | 576 | ,"" |
| @@ -600,7 +578,9 @@ kiki_usage bExport bImport bSecret cmd = putStr $ | |||
| 600 | ," alter any files outside of the home directory (see --homedir)." | 578 | ," alter any files outside of the home directory (see --homedir)." |
| 601 | ,"" | 579 | ,"" |
| 602 | ," The files pubring.gpg and secring.gpg in the directory specified by the " | 580 | ," The files pubring.gpg and secring.gpg in the directory specified by the " |
| 603 | ," --homedir option are implicitly included in the keyring set." | 581 | ," --homedir option are implicitly included in the keyring set. Unlike the" |
| 582 | ," sync-secret command, information will flow into these files, but not out" | ||
| 583 | ," of them." | ||
| 604 | ,"" | 584 | ,"" |
| 605 | ," Subkeys that are imported with kiki are given an annotation \"usage@\" which" | 585 | ," Subkeys that are imported with kiki are given an annotation \"usage@\" which" |
| 606 | ," indicates what the key is for. This tag can be used as a SPEC to select a" | 586 | ," indicates what the key is for. This tag can be used as a SPEC to select a" |
| @@ -608,7 +588,7 @@ kiki_usage bExport bImport bSecret cmd = putStr $ | |||
| 608 | ," specifying a substring of an associated UID." | 588 | ," specifying a substring of an associated UID." |
| 609 | ,"" | 589 | ,"" |
| 610 | ," (See 'kiki help spec' for more information.)" | 590 | ," (See 'kiki help spec' for more information.)" |
| 611 | ] ++ syncflags | 591 | ] ++ syncflags ++ specifyingFiles |
| 612 | "import-public" -> unlines $ | 592 | "import-public" -> unlines $ |
| 613 | ["kiki import-public [options...]" | 593 | ["kiki import-public [options...]" |
| 614 | ,"" | 594 | ,"" |
| @@ -629,18 +609,21 @@ kiki_usage bExport bImport bSecret cmd = putStr $ | |||
| 629 | ," specifying a substring of an associated UID." | 609 | ," specifying a substring of an associated UID." |
| 630 | ,"" | 610 | ,"" |
| 631 | ," (See 'kiki help spec' for more information.)" | 611 | ," (See 'kiki help spec' for more information.)" |
| 632 | ] ++ syncflags | 612 | ] ++ syncflags ++ specifyingFiles |
| 633 | "export-secret" -> unlines $ | 613 | "export-secret" -> unlines $ |
| 634 | ["kiki export-secret [options...]" | 614 | ["kiki export-secret [options...]" |
| 635 | ,"" | 615 | ,"" |
| 636 | ," export-secret updates a set of key files using information from your keyring." | 616 | ," export-secret updates a set of key files using information from your keyring." |
| 637 | ,"" | 617 | ,"" |
| 638 | ," The files pubring.gpg and secring.gpg in the directory specified by the " | 618 | ," The files pubring.gpg and secring.gpg in the directory specified by the" |
| 639 | ," --homedir option are implicitly included in the keyring set." | 619 | ," --homedir option are implicitly included in the keyring set. Unlike with the" |
| 620 | ," sync-secret command, information only flows out of these files and not in to" | ||
| 621 | ," them. Barring this however, the usage and behavior of export-secret is similar" | ||
| 622 | ," to that of sync-secret." | ||
| 640 | ,"" | 623 | ,"" |
| 641 | ," (See 'kiki help spec' for more information.)" | 624 | ," (See 'kiki help spec' for more information.)" |
| 642 | ,"" | 625 | ,"" |
| 643 | ] ++ syncflags | 626 | ] ++ syncflags ++ specifyingFiles |
| 644 | "export-public" -> unlines $ | 627 | "export-public" -> unlines $ |
| 645 | ["kiki export-public [options...]" | 628 | ["kiki export-public [options...]" |
| 646 | ,"" | 629 | ,"" |
| @@ -653,39 +636,43 @@ kiki_usage bExport bImport bSecret cmd = putStr $ | |||
| 653 | ,"" | 636 | ,"" |
| 654 | ," (See 'kiki help spec' for more information.)" | 637 | ," (See 'kiki help spec' for more information.)" |
| 655 | ,"" | 638 | ,"" |
| 656 | ] ++ syncflags | 639 | ] ++ specifyingFiles |
| 657 | "spec" -> unlines keyspec | 640 | "spec" -> unlines keyspec |
| 658 | where | 641 | where |
| 659 | commonOptions :: [String] | 642 | commonOptions :: [String] |
| 660 | commonOptions = | 643 | commonOptions = |
| 661 | [" --homedir DIR" | 644 | [" --help" |
| 662 | ," Where to find the the files secring.gpg and pubring.gpg. The " | 645 | ," Gives usage information" |
| 663 | ," default location is taken from the environment variable " | ||
| 664 | ," GNUPGHOME." | ||
| 665 | ,"" | 646 | ,"" |
| 666 | ," --passphrase-fd N" | 647 | ," --homedir DIR" |
| 667 | ," Read passphrase from the given file descriptor." | 648 | ," Where to find the files secring.gpg and pubring.gpg. The" |
| 649 | ," default location is taken from the environment variable" | ||
| 650 | ," GNUPGHOME. If this environment variable is not set and no" | ||
| 651 | ," directory is specified using this option then a hardcoded" | ||
| 652 | ," default of ~/.gnupg is assumed. " | ||
| 653 | ,"" | ||
| 654 | ," WARNING: Confusingly, this is *not* your home directory as" | ||
| 655 | ," given by the HOME environment variable. The option is named" | ||
| 656 | ," or rather misnamed in a fashion similar to the gpg option with" | ||
| 657 | ," exactly the same functionality." | ||
| 658 | ,""] ++ documentPassphraseFDFlag bExport bImport bSecret ++ showwk | ||
| 659 | showwk :: [String] | ||
| 660 | showwk = | ||
| 661 | [" --show-wk" | ||
| 662 | ," After the operation completes, output the possibly modified" | ||
| 663 | ," working key identity information." | ||
| 668 | ,"" | 664 | ,"" |
| 669 | ] | 665 | ] |
| 670 | syncflags :: [String] | 666 | syncflags :: [String] |
| 671 | syncflags = | 667 | syncflags = |
| 672 | ["" | 668 | ["" |
| 673 | ,"Flags:"] ++ commonOptions ++ | 669 | ,"Flags:"] ++ commonOptions |
| 674 | [" --import Add master keys to pubring.gpg. Without this option, only UID" | 670 | ++ documentImportFlag bExport bImport bSecret |
| 675 | ," and subkey data is updated. " | 671 | ++ documentImportIfAuthenticFlag bExport bImport bSecret |
| 676 | ,"" | 672 | ++ documentAutoSignFlag bExport bImport bSecret |
| 677 | ," --import-if-authentic" | 673 | specifyingFiles :: [String] |
| 678 | ," Add signed master keys to pubring.gpg. Like --import except that" | 674 | specifyingFiles = |
| 679 | ," only keys with signatures from the working key (--show-wk) are" | 675 | ["SPECIFYING FILES:" |
| 680 | ," imported." | ||
| 681 | ,"" | ||
| 682 | ," --autosign Sign all cross-certified tor-style UIDs." | ||
| 683 | ," A tor-style UID is of the form:" | ||
| 684 | ," Anonymous <root@HOSTNAME.onion>" | ||
| 685 | ," It is considered cross certified if there exists a cross-certified" | ||
| 686 | ," 'tor' subkey corresponding to the address HOSTNAME.onion." | ||
| 687 | ,"" | ||
| 688 | ,"SPECIFYING FILES:" | ||
| 689 | ] ++ documentKeyPairsOption bExport bImport bSecret | 676 | ] ++ documentKeyPairsOption bExport bImport bSecret |
| 690 | ++ documentKeyRingsOption bExport bImport bSecret | 677 | ++ documentKeyRingsOption bExport bImport bSecret |
| 691 | ++ documentWalletsOption bExport bImport bSecret | 678 | ++ documentWalletsOption bExport bImport bSecret |
| @@ -728,6 +715,37 @@ kiki_usage bExport bImport bSecret cmd = putStr $ | |||
| 728 | ," 5E24CD442AA6965D2012E62A905C24185D5379C2" | 715 | ," 5E24CD442AA6965D2012E62A905C24185D5379C2" |
| 729 | ] | 716 | ] |
| 730 | 717 | ||
| 718 | documentPassphraseFDFlag bExport bImport bSecret = | ||
| 719 | [" --passphrase-fd FD" | ||
| 720 | ," The file descripter from which to read a passphrase. If FD is" | ||
| 721 | ," 0, then the passphrase is inputted via stdin. Note that this" | ||
| 722 | ," requires the user to issue CTRL-D to send EOF, so that kiki" | ||
| 723 | ," knows to continue." | ||
| 724 | ,""] | ||
| 725 | |||
| 726 | documentImportFlag bExport bImport bSecret = | ||
| 727 | if bImport then | ||
| 728 | [" --import Add master keys to pubring.gpg. Without this option, only UID" | ||
| 729 | ," and subkey data is updated. " | ||
| 730 | ,""] | ||
| 731 | else [] | ||
| 732 | |||
| 733 | documentImportIfAuthenticFlag bExport bImport bSecret = | ||
| 734 | if bImport then | ||
| 735 | [" --import-if-authentic" | ||
| 736 | ," Add signed master keys to pubring.gpg. Like --import except that" | ||
| 737 | ," only keys with signatures from the working key (--show-wk) are" | ||
| 738 | ," imported." | ||
| 739 | ,""] | ||
| 740 | else [] | ||
| 741 | |||
| 742 | documentAutoSignFlag bExport bImport bSecret = | ||
| 743 | [" --autosign Sign all cross-certified tor-style UIDs." | ||
| 744 | ," A tor-style UID is of the form:" | ||
| 745 | ," Anonymous <root@HOSTNAME.onion>" | ||
| 746 | ," It is considered cross certified if there exists a cross-certified" | ||
| 747 | ," 'tor' subkey corresponding to the address HOSTNAME.onion." | ||
| 748 | ,""] | ||
| 731 | documentKeyPairsOption :: Bool -> Bool -> Bool -> [String] | 749 | documentKeyPairsOption :: Bool -> Bool -> Bool -> [String] |
| 732 | documentKeyPairsOption bExport bImport bSecret = | 750 | documentKeyPairsOption bExport bImport bSecret = |
| 733 | [" --keypairs [KEYSPEC ...]" | 751 | [" --keypairs [KEYSPEC ...]" |
| @@ -759,6 +777,7 @@ documentKeyPairsOption bExport bImport bSecret = | |||
| 759 | ," file for import. Unlike the sync-secret command, this command" | 777 | ," file for import. Unlike the sync-secret command, this command" |
| 760 | ," leaves no possibility of secret key information leaking from" | 778 | ," leaves no possibility of secret key information leaking from" |
| 761 | ," your OpenGPG keyring into specified files." | 779 | ," your OpenGPG keyring into specified files." |
| 780 | ,"" | ||
| 762 | ] ++ afterSecond | 781 | ] ++ afterSecond |
| 763 | (False,True,True) -> -- import-secret | 782 | (False,True,True) -> -- import-secret |
| 764 | [" This option specifies the paths of such private PEM files which" | 783 | [" This option specifies the paths of such private PEM files which" |
| @@ -768,6 +787,7 @@ documentKeyPairsOption bExport bImport bSecret = | |||
| 768 | ," command will be executed in a modified environment with the" | 787 | ," command will be executed in a modified environment with the" |
| 769 | ," expectation of creating the PEM file for import. Files external" | 788 | ," expectation of creating the PEM file for import. Files external" |
| 770 | ," to your OpenGPG keyring will not be modified by this command." | 789 | ," to your OpenGPG keyring will not be modified by this command." |
| 790 | ,"" | ||
| 771 | ] ++ afterSecond | 791 | ] ++ afterSecond |
| 772 | (False,True,False) -> -- import-public | 792 | (False,True,False) -> -- import-public |
| 773 | [" This option specifies the paths of PEM files, of both the" | 793 | [" This option specifies the paths of PEM files, of both the" |
| @@ -781,6 +801,7 @@ documentKeyPairsOption bExport bImport bSecret = | |||
| 781 | ," Unlike the import-secret command, this command leaves no" | 801 | ," Unlike the import-secret command, this command leaves no" |
| 782 | ," possibility of secret key information leaking from your OpenGPG" | 802 | ," possibility of secret key information leaking from your OpenGPG" |
| 783 | ," keyring. " | 803 | ," keyring. " |
| 804 | ,"" | ||
| 784 | ] ++ afterSecond | 805 | ] ++ afterSecond |
| 785 | (True,False,True) -> -- export-secret | 806 | (True,False,True) -> -- export-secret |
| 786 | [" This option specifies the paths of such private PEM files, of" | 807 | [" This option specifies the paths of such private PEM files, of" |
| @@ -790,6 +811,7 @@ documentKeyPairsOption bExport bImport bSecret = | |||
| 790 | ," command. Unlike the export-secret comamnd, this command leaves" | 811 | ," command. Unlike the export-secret comamnd, this command leaves" |
| 791 | ," no possibility that secret key information will leak from your" | 812 | ," no possibility that secret key information will leak from your" |
| 792 | ," OpenGPG keyring." | 813 | ," OpenGPG keyring." |
| 814 | ,"" | ||
| 793 | ] ++ afterSecond | 815 | ] ++ afterSecond |
| 794 | (True,False,False) -> -- export-public | 816 | (True,False,False) -> -- export-public |
| 795 | [" This option specifies the paths of PEM files, of the private or" | 817 | [" This option specifies the paths of PEM files, of the private or" |
| @@ -797,6 +819,7 @@ documentKeyPairsOption bExport bImport bSecret = | |||
| 797 | ," the export-secret command, this command leaves no possibility" | 819 | ," the export-secret command, this command leaves no possibility" |
| 798 | ," of secret key information leaking from your OpenGPG keyring" | 820 | ," of secret key information leaking from your OpenGPG keyring" |
| 799 | ," into the specified files." | 821 | ," into the specified files." |
| 822 | ,"" | ||
| 800 | ] ++ afterSecond | 823 | ] ++ afterSecond |
| 801 | _ -> afterSecond | 824 | _ -> afterSecond |
| 802 | where afterSecond = | 825 | where afterSecond = |
| @@ -844,6 +867,7 @@ documentKeyPairsOption bExport bImport bSecret = | |||
| 844 | ," information." | 867 | ," information." |
| 845 | ,"" | 868 | ,"" |
| 846 | ," (See 'kiki help spec' for more information.)" | 869 | ," (See 'kiki help spec' for more information.)" |
| 870 | ,"" | ||
| 847 | ] | 871 | ] |
| 848 | 872 | ||
| 849 | documentKeyRingsOption :: Bool -> Bool -> Bool -> [String] | 873 | documentKeyRingsOption :: Bool -> Bool -> Bool -> [String] |
| @@ -858,7 +882,7 @@ documentKeyRingsOption bExport bImport bSecret = | |||
| 858 | 882 | ||
| 859 | documentWalletsOption :: Bool -> Bool -> Bool -> [String] | 883 | documentWalletsOption :: Bool -> Bool -> Bool -> [String] |
| 860 | documentWalletsOption bExport bImport bSecret = | 884 | documentWalletsOption bExport bImport bSecret = |
| 861 | [" --wallets FILE FILE..." | 885 | [" --wallets [FILE ...]" |
| 862 | ," Provide wallet files with secret crypto-coin keys in Wallet" | 886 | ," Provide wallet files with secret crypto-coin keys in Wallet" |
| 863 | ," Import Format. The keys will be treated as subkeys of your" | 887 | ," Import Format. The keys will be treated as subkeys of your" |
| 864 | ," current working key (the one shown by --show-wk)." | 888 | ," current working key (the one shown by --show-wk)." |
| @@ -867,11 +891,12 @@ documentWalletsOption bExport bImport bSecret = | |||
| 867 | documentHostsOption :: Bool -> Bool -> Bool -> [String] | 891 | documentHostsOption :: Bool -> Bool -> Bool -> [String] |
| 868 | documentHostsOption bExport bImport bSecret = | 892 | documentHostsOption bExport bImport bSecret = |
| 869 | [" --hosts [FILE ...]" | 893 | [" --hosts [FILE ...]" |
| 870 | ," EXPERIMENTAL! May be removed in the future. This option specifies files" | 894 | ," EXPERIMENTAL! May be removed in the future. This option" |
| 871 | ," from which to read or write hostname aliases. The format is the same as" | 895 | ," specifies files from which to read or write hostname aliases." |
| 872 | ," /etc/hosts on unix systems. WARNING: hostname aliases may be imported into" | 896 | ," The format is the same as /etc/hosts on unix systems. WARNING:" |
| 873 | ," the gpg keyring files, but they are currently NOT signed and may be altered" | 897 | ," hostname aliases may be imported into the gpg keyring files," |
| 874 | ," in transit." | 898 | ," but they are currently NOT signed and may be altered in" |
| 899 | ," transit." | ||
| 875 | ,""] | 900 | ,""] |
| 876 | 901 | ||
| 877 | 902 | ||