# # patch "ChangeLog" # from [9fdcf44a6afd4649af17c3ededf4cf5e8dc1ab10] # to [c4f4a80a415023bcf3db13121d7b8e8d877408c1] # # patch "commands.cc" # from [c043db37f8bb75deed2604fefca8426408264467] # to [e44277638e21b8a20fa0c6f68f067b3799827d0c] # # patch "monotone.texi" # from [9b7b9ab00d31aead6a87466ff1a2d843c54084a8] # to [f03a883ec62cd2aa2b9e7d972d045630391f9e99] # # patch "tests/t_key_management_without_db.at" # from [284f02e1bd94117133fd7ce45512d6912c3120fb] # to [55c63a4f48a9250f7b3750d177fbaaebe1bd7eee] # ======================================================================== --- ChangeLog 9fdcf44a6afd4649af17c3ededf4cf5e8dc1ab10 +++ ChangeLog c4f4a80a415023bcf3db13121d7b8e8d877408c1 @@ -1,5 +1,17 @@ 2005-10-06 Timothy Brownawell + * commands.cc (ls_keys): don't insist on having a db + * tests/t_key_management_without_db.at: check ls keys + * monotone.texi: update for new key storage + * concepts :: storage and workflow + * tutorial :: generating keys + * tutorial :: committing work + * command reference :: informative + * command reference :: key and cert + * command reference :: packet I/O + +2005-10-06 Timothy Brownawell + * commands.cc (chkeypass): doesn't use the db, so we don't need a guard * commands.cc (dropkey): don't insist on having a db * tests/t_genkey_without_db.at: rename (s/genkey/key_management) and ======================================================================== --- commands.cc c043db37f8bb75deed2604fefca8426408264467 +++ commands.cc e44277638e21b8a20fa0c6f68f067b3799827d0c @@ -603,22 +603,22 @@ ls_keys(string const & name, app_state & app, vector const & args) { - transaction_guard guard(app.db); vector pubs; vector privkeys; - if (args.size() == 0) + std::string pattern; + if (args.size() == 1) + pattern = idx(args, 0)(); + else if (args.size() > 1) + throw usage(name); + + if (app.db.database_specified()) { - app.db.get_key_ids("", pubs); - app.keys.get_key_ids("", privkeys); + transaction_guard guard(app.db); + app.db.get_key_ids(pattern, pubs); + guard.commit(); } - else if (args.size() == 1) - { - app.db.get_key_ids(idx(args, 0)(), pubs); - app.keys.get_key_ids(idx(args, 0)(), privkeys); - } - else - throw usage(name); + app.keys.get_key_ids(pattern, privkeys); // true if it is in the database, false otherwise map pubkeys; ======================================================================== --- monotone.texi 9b7b9ab00d31aead6a87466ff1a2d843c54084a8 +++ monotone.texi f03a883ec62cd2aa2b9e7d972d045630391f9e99 @@ -575,11 +575,13 @@ @node Storage and workflow @section Storage and workflow -Monotone moves information in and out of three different types of +Monotone moves information in and out of four different types of storage: @itemize @item +a @i{keystore} in your home directory address@hidden a @i{working copy} in the local file system @item a @i{local database} in the local file system @@ -587,6 +589,12 @@ a @i{remote database} elsewhere on the internet @end itemize +The @dfn{keystore} is a directory @file{.monotone/keys} in your home directory +which contains copies of all your private keys. Each key is stored in a file +whose name is the key identifier with some characters converted to underscores. +When you use a key to sign a cert, the public half of that key is copied into +your local database along with the cert. + All information passes @emph{through} your local database, en route to some other destination. For example, when changes are made in a working copy, you may save those changes to your database, and later @@ -1143,7 +1151,7 @@ monotone: generating key-pair 'jim@@juicebot.co.jp' enter passphrase for key ID [jim@@juicebot.co.jp] : @i{} confirm passphrase for key ID [jim@@juicebot.co.jp]: @i{} -monotone: storing key-pair 'jim@@juicebot.co.jp' in database +monotone: storing key-pair 'jim@@juicebot.co.jp' in keystore @end group @end smallexample @@ -1155,7 +1163,7 @@ monotone: generating key-pair 'abe@@juicebot.co.jp' enter passphrase for key ID [abe@@juicebot.co.jp] : @i{} confirm passphrase for key ID [abe@@juicebot.co.jp]: @i{} -monotone: storing key-pair 'abe@@juicebot.co.jp' in database +monotone: storing key-pair 'abe@@juicebot.co.jp' in keystore @end group @end smallexample @@ -1167,20 +1175,21 @@ monotone: generating key-pair 'beth@@juicebot.co.jp' enter passphrase for key ID [beth@@juicebot.co.jp] : @i{} confirm passphrase for key ID [beth@@juicebot.co.jp]: @i{} -monotone: storing key-pair 'beth@@juicebot.co.jp' in database +monotone: storing key-pair 'beth@@juicebot.co.jp' in keystore @end group @end smallexample Each programmer has now generated a key pair and placed it in their -local database. Each can list the keys in their database, to ensure +keystore. Each can list the keys in their keystore, to ensure the correct key was generated. For example, Jim might see this: @smallexample @group -$ monotone --db=~/jim.db list keys +$ monotone list keys [public keys] -9e9e9ef1d515ad58bfaa5cf282b4a872d8fda00c jim@@juicebot.co.jp +9e9e9ef1d515ad58bfaa5cf282b4a872d8fda00c jim@@juicebot.co.jp (*) +(*) - only in keystore [private keys] @@ -1192,7 +1201,7 @@ The hexadecimal string printed out before each key name is a @emph{fingerprint} of the key, and can be used to verify that the key you have stored under a given name is the one you intended to -store. Monotone will never permit one database to store two keys with +store. Monotone will never permit one keystore to store two keys with the same name or the same fingerprint. This output shows one private and one public key stored under the name @@ -1458,7 +1467,7 @@ Satisfied with the work he's done, Jim wants to save his changes. He then commits his working copy, which causes monotone to process the @file{MT/work} file and record the file contents, manifest, and -revision into the database. Since he provided a branch name when he +revision into the database. Since he provided a branch name when he ran @command{setup}, monotone will use this as the default branch name when he commits. @@ -1484,8 +1493,9 @@ @end group @end smallexample -Monotone also generated a number of certificates, attached to -the new revision. These certs store metadata about the commit. Jim can +Monotone also generated a number of certificates attached to +the new revision, and made sure that the database contained a copy of Jim's +public key. These certs store metadata about the commit. Jim can ask monotone for a list of certs on this revision. @smallexample @@ -3991,8 +4001,8 @@ @item monotone list keys @itemx monotone list keys @var{pattern} -These commands list @sc{rsa} keys held in your current database. They -do not print out any cryptographic information; they simply list the +These commands list @sc{rsa} keys held in your keystore and current database. +They do not print out any cryptographic information; they simply list the names of public and private keys you have on hand. If @var{pattern} is provided, it is used as a glob to limit the keys @@ -4084,7 +4094,7 @@ @item monotone genkey @var{keyid} This command generates an @sc{rsa} public/private key pair, using a -system random number generator, and stores it in your database under +system random number generator, and stores it in your keystore under the key name @var{keyid}. If the the hook @code{non_blocking_rng_ok()} returns @code{true}, the key generation will use an unlimited random number generator (such as @@ -4092,11 +4102,10 @@ number generator (such as @file{/dev/random}) but might run slightly slower. -The private half of the key is stored in an encrypted form, using the -symmetric cipher @sc{arc4}, so that anyone accidentally reading your -database cannot extract your private key and use it. You must provide -a passphrase for your key when it is generated, which is used to key -the @sc{arc4} cipher. In the future you will need to enter this +The private half of the key is stored in an encrypted form, so that anyone +who can read your keystore cannot extract your private key and use it. +You must provide a passphrase for your key when it is generated, which is used +to determine the encryption key. In the future you will need to enter this passphrase again each time you sign a certificate, which happens every time you @command{commit} to your database. You can tell monotone to automatically use a certain passphrase for a given key using the @@ -4109,10 +4118,7 @@ This command drops the public and/or private key. If both exist, both are dropped, if only one exists, it is dropped. This command should be used with caution as changes are irreversible without a backup of -the key(s) that were dropped. Note also that the private key is not -guaranteed to actually be erased from your database file --- if you are -going to make the database file public, you should use @command{db dump} -and @command{db load} to import into a fresh database. +the key(s) that were dropped. @item monotone chkeypass @var{id} @@ -4223,7 +4229,7 @@ @item monotone privkey @var{keyid} @itemx monotone pubkey @var{keyid} -These commands print out an @code{privkey} or @code{pubkey} packet for +These commands print out an @code{keypair} or @code{pubkey} packet for the @sc{rsa} key @var{keyid}. These can be used to transport public or private keys safely between monotone databases. @@ -6621,7 +6627,7 @@ with cryptography literature, you can modify monotone to use any stronger hash you like, at the cost of isolating your own communications to a group using the modified version. Monotone is free -software, and runs atop @code{crypto++}, so it is both legal and +software, and runs atop @code{botan}, so it is both legal and relatively simple to change it to use some other algorithm. @page ======================================================================== --- tests/t_key_management_without_db.at 284f02e1bd94117133fd7ce45512d6912c3120fb +++ tests/t_key_management_without_db.at 55c63a4f48a9250f7b3750d177fbaaebe1bd7eee @@ -1,4 +1,4 @@ -AT_SETUP([genkey, dropkey, chkeypass without a database]) +AT_SETUP([key management without a database]) MONOTONE_SETUP @@ -7,6 +7,8 @@ AT_CHECK((echo foobar; echo barfoo; echo barfoo) | RAW_MONOTONE --keydir=keys chkeypass foobar, [], [ignore], [ignore]) +AT_CHECK(RAW_MONOTONE --keydir=keys ls keys, [], [ignore], [ignore]) + AT_CHECK(RAW_MONOTONE --keydir=keys dropkey foobar, [], [ignore], [ignore]) # with an invalid database should fail