author | Joey Hess <joeyh@joeyh.name> | 2016-10-18 15:12:06 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2016-10-18 15:12:06 -0400 |
commit | 95a5d994379165f143c7c32517c45d28c2d8242a (patch) | |
tree | 73e8047145f4fd6735f751b56c6b5269fcbab01f | |
parent | bf5e9d85e29bba0411ab2378c6566f6caae5f8fb (diff) | |
download | keysafe-95a5d994379165f143c7c32517c45d28c2d8242a.tar.gz |
forgot to update the man page for all the recently added options
-rw-r--r-- | CmdLine.hs | 2 | ||||
-rw-r--r-- | keysafe.1 | 97 |
2 files changed, 86 insertions, 13 deletions
@@ -132,7 +132,7 @@ parseMode = <|> BackupServer <$> strOption ( long "backup-server" <> metavar "BACKUPDIR" - <> help "Run on a server, populates the directory with a gpg encrypted backup of all objects stored in the --store-directory. This is designed to be rsynced offsite (with --delete) to back up the a keysafe server with minimal information leakage." + <> help "Run on a server, populates the directory with a gpg encrypted backup of all objects stored in the --store-directory. This is designed to be rsynced offsite (with --delete) to back up a keysafe server with minimal information leakage." ) <|> RestoreServer <$> strOption ( long "restore-server" 
@@ -50,6 +50,50 @@ key. Upload any data to servers that was queued by a previous keysafe run. This is designed to be put in a cron job. .PP +.IP --autostart +This is run automatically on desktop login by the desktop autostart +file included with keysafe. It checks for any new gpg keys that have +not been backed up, and prompts to see if the user wants to back them up +with keysafe. Also uploads any queued data, and in the future may perform +other checks for problems. +.PP +.IP --server +Runs keysafe in server mode, accepting objects and storing them. +Use --store-directory to configure where the server stores objects, +and --port and --address to configure how the server listens to +connections. It's recommended to only expose keysafe servers over a tor +hidden service. +.PP +.IP --backup-server BACKUPDIR +Run on a server, populates the BACKUPDIR with a gpg encrypted backup +of all the objects stored in the --store-directory. This is designed +to be rsynced offsite (with --delete) to back up a keysafe server with +minimal information leakage. +.PP +.IP --restore-server BACKUPDIR +Restore all objects present in the gpg-encrypted +backups in the specified directory. +.PP +.IP --chaff HOSTNAME +Upload random data to a keysafe server. --port can be used to specify +the server's port. Continues uploading data until interrupted with ctrl-c. +.PP +.IP --chaff-max-delay SECONDS +Specify a delay between chaff uploads. Will delay a +random amount between 0 and this many seconds. +.PP +.IP --check-servers +Tries to connect to each server in the server list. +Displays the server's MOTD, and the amount of data +stored on it. Prints message to stderr and exits +nonzero if any of the servers are not accessible. +.PP +.IP --benchmark +Benchmark speed of keysafe's cryptographic primitives. +.PP +.IP --test +Run test suite. +.PP .IP --gpgkeyid KEYID Specify keyid of gpg key to back up or restore. This is useful if you have multiple gpg keys. 
But, when this option is used to back up a key, @@ -60,6 +104,17 @@ To back up anything other than a gpg secret key, use this option. To restore from the backup, you must use this same option, and pass the exact same filename. .PP +.IP --store-directory dir +Where to store data locally. For the client, data is +stored here before it is uploaded to the server. For +the server, this is where it stores its data. +(default: ~/.keysafe/objects/) +.PP +.IP --gui +Use GUI interface for interaction. Default is to use +readline interface when run in a terminal, and GUI otherwise. +The GUI currently is implemented using zenity(1). +.PP .IP --totalshares M --neededshares N These options have to be specified together. The default values are --totalshares 3 --neededshares 2. 
@@ -69,20 +124,38 @@ To restore the data, only N of the shares are needed. If you specify these options when backing up a secret key, you also must specify them with the same values to restore that secret key. .PP -.IP --store-local -Store data locally, in ~/.keysafe/objects/local/. -(The default is to store data in the cloud.) -The local data storage consists of 3 (--totalshares) subdirectories, -which hold the shares of the encrypted secret key. So, you can each -subdirectory to a separate storage location, and then to restore the key, -copy 2 (--neededshares) of them back into place. +.IP --name N +Specify name used for key backup/restore, avoiding the usual prompt. .PP -.IP --gui -Enable graphical user interface. This is the default unless keysafe -was run from a terminal. The GUI currently is implemented using zenity(1). +.IP --othername N +Specify other name used for key backup/restore, avoiding the usual prompt. .PP -.IP --benchmark -Benchmark speed of keysafe's cryptographic primitives. +.IP --add-storage-directory DIR +Add the directory to the list of locations keysafe +will use for backup/restore of keys. Keysafe will use +the directory first, before any of its built-in servers. +.PP +.IP --add-server HOST[:PORT] +Add the server to the server list which keysafe will +use for backup/restore of keys. Keysafe will use the +server first before any of its built-in servers. +.PP +.IP --port P +Port for server to listen on. (default: 80) +.PP +.IP --address A +Address for server to bind to. (Use "*" to bind to +all addresses.) (default: "127.0.0.1") +.PP +.IP --months-to-fill-half-disk N +Server rate-limits requests and requires proof of +work, to avoid too many objects being stored. This is +an lower bound on how long it could possibly take for +half of the current disk space to be +filled. (default: 12) +.PP +.IP --motd MESSAGE +The server's Message Of The Day. .PP .IP --testmode Avoid using expensive cryptographic operations to secure data. |
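Review bot: In the keysafe.1 hunk at @@ -50,6 +50,50 @@, the new --chaff entry says "--port can be used to specify the server's port", but the --port entry added later in this patch describes it only as "Port for server to listen on. (default: 80)". Suggest extending the --port entry to mention its use with --chaff so the two entries agree. In the same hunk, "Prints message to stderr" under --check-servers should read "Prints a message to stderr".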
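Review bot: In the keysafe.1 hunk at @@ -60,6 +104,17 @@, ".IP --store-directory dir" uses a lowercase placeholder, while the other options documented in this patch use uppercase ones (KEYID, BACKUPDIR, HOSTNAME, DIR). Suggest ".IP --store-directory DIR" for consistency with --add-storage-directory DIR.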
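Review bot: In the keysafe.1 hunk at @@ -69,20 +124,38 @@, the --address entry documents "*" for binding to all addresses without referring back to the --server entry's recommendation to expose keysafe servers only over a tor hidden service. Suggest adding a sentence to --address that ties the "*" setting to that recommendation, so an operator reading only this entry sees it. Two smaller points in the same hunk: "This is an lower bound" under --months-to-fill-half-disk should be "a lower bound", and --name N / --othername N reuse the placeholder N that --totalshares M --neededshares N uses for a count, so NAME would read more clearly.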