lunar (1) secrecy.1.gz

Provided by: secrecy_0.0.5+ds-2_amd64 bug

NAME

       secrecy - libsecrecy encryption and key management tool

SYNOPSIS

       secrecy createKey cipher gpgid keyname

       secrecy encrypt [keyhash|keyname]

       secrecy decrypt

       secrecy exportKey [keyhash|keyname] gpgid

       secrecy importKey gpgid

       secrecy listKeys

       secrecy setDefaultKey keyname

DESCRIPTION

       The  libsecrecy  distribution  comes  with  a command line tool called secrecy.  This tool
       currently has  seven  subcommands:  createKey,  encrypt,  decrypt,  exportKey,  importKey,
       listKeys and setDefaultKey.

       The  program  secrecy  accepts  several  subcommands.   It is to be noted that, currently,
       secrecy has no arguments for reading and writing any file.  One has to rely on  the  shell
       capabilities  to read and write plain files, encrypted files, and key exports, using pipes
       and redirection operators.  Subcommands are the following:

       secrecy createKey cipher gpgid keyname
              create keys for the libsecrecy, where cipher can currently take the values  AES128,
              AES192  or AES256, gpgid needs to be a valid id (normally an email address) present
              as a secret key in gpg(1)'s keyring, which can be used for securely storing the AES
              key  for  use by libsecrecy, and keyname can be chosen as a human readable name for
              the key created, for instance "mykey".  The program outputs a key hash in the  form
              of a hexadecimal encoded string.  Either this key hash or the key name given can to
              be provided to the encrypt command of secrecy for encrypting files using the  newly
              created key.

       secrecy encrypt [keyhash|keyname]
              This  subcommand  allows  one  to  encrypt  files.   keyhash/keyname  is either the
              hexadecimal string which was printed by createKey when creating  the  key,  or  the
              name  given  to  createKey when creating the key.  If the string provided is empty,
              then the default key name is used if any has been  set;  see  setDefaultKey.   Note
              that  this  command  needs to decrypt the key from it's gpg(1) encoded form, so you
              will need to provide the respective passphrase in some form.

       secrecy decrypt
              This subcommand allows one to decrypt files.  It needs to decrypt the key from it's
              gpg(1)  encoded form, so you will need to provide the respective passphrase in some
              form.  Note that you do not need to provide the  keyhash  for  decryption  as  this
              information is provided inside the encrypted file.

       secrecy exportKey [keyname|keyhash] gpgid
              Export  to  an encrypted transfer format, for passing data on to third parties, via
              the exportKey command of secrecy.  keyname or keyhash are valid key  name  or  hash
              respectively,  and  gpgid  is  a  string identifying the recipient of the key.  The
              public key of gpgid needs to be available in gpg's key database.

       secrecry importKey gpgid
              Import a key from the format produced by the exportKey command using the  importKey
              command,  where  gpgid designates the gpg key which will be used to locally encrypt
              the key for storing it in libsecrecy's database.

       secrecy listKeys
              List installed keys.  It prints a tabulation separated table such  that  the  first
              column contains the key names and the second the respective key hash values.

       secrecy setDefaultKey keyname
              Change  the default key.  The default key is used when an empty keyname is used for
              running any command accepting a key name, with the obvious exceptions of  createKey
              and setDefaultKey.

FILES

       AES keys are stored encrypted using gpg(1) via gpgme.  Each key is assigned a hash H value
       at creation time.  H is computed as the SHA256 checksum of a randomly generated  sequence.
       Keys  are  stored  and  searched  for  in  the  directory  set in the environment variable
       LIBSECRECY_KEYDIR.  If this variable is not set, then the subdirectory .libsecrecy  inside
       the  current  users  home directory, designated by the environment variable HOME, is used.
       Inside this directory the key for hash H is stored in the  file  hash/H,  otherwise  said:
       hash/3E35C013C66C66B09E3E0B923451530C62D4346D9F5165906FC94B9B4D35E28E,      where      the
       respective files are encrypted using gpgme.  The secret key used for this  encryption  can
       be set at key creation time.

EXAMPLES

       Create an AES256 key using your GPG ID, for instance foo@example.org, and call it mykey:

               $ secrecy createKey AES256 foo@example.org mykey
               3E35C013C66C66B09E3E0B923451530C62D4346D9F5165906FC94B9B4D35E28E

       List available keys:

               $ secrecy listKeys
               mykey  3E35C013C66C66B09E3E0B923451530C62D4346D9F5165906FC94B9B4D35E28E

       Set mykey as default key:

               $ secrecy setDefaultKey mykey

       Encrypt file into file.encrypted, using the default key:

               $ secrecy encrypt < file > file.encrypted

       Decrypt file.encrypted into file.decrypted, using the default key:

               $ secrecy decrypt < file.encrypted > file.decrypted

       Prepare  an  export  of  mykey  for use by the person behind GPG ID bar@example.org, whose
       public key should be accessible in the user's gpg(1) keyring.  The key  will  be  exported
       into the file export.key:

               $ secrecy exportKey mykey bar@example.org > export.key

AUTHORS

       secrecy   is   a  program  part  of  the  libsecrecy,  written  by  German  Tischler-Höhle
       <germant@miltenyibiotec.de>.

       The present manual page is written by Étienne Mollier <emollier@debian.org> for the Debian
       project.

SEE ALSO

       See       the      GnuPG      documentation      relative      to      key      management
       ⟨https://gnupg.org/documentation/manuals/gnupg/OpenPGP-Key-Management.html#OpenPGP-Key-
       Management⟩ for creating and handling gpg(1) keys.