USAGE

cmk-coffer-new [OPTIONS] COFFER_FILE -a PKEY_FILE [...] [-a ...]

Create COFFER_FILE and encrypt it such that each access group of PKeys can be used independently to unlock it. The data to be encrypted is read from stdin, but may also be supplied by --value or one or more --dict-pair options.

OPTIONS

--bundled-keys (-b)

Serialize all PKey objects into the tail of the COFFER_FILE so that the key files don't need to be referenced again to unlock it.

--add-access (-a) PKEY [PKEY...]

The arguments following this option must be one or more PKey filenames. Access to the coffer will be granted when the private halves of all of these keys are available. This option may be specified multiple times, to create multiple sets of keys where each set has access to the Coffer. A PKey may be used in more than one group.

--parse=FORMAT

Parse names and values from stdin and store them as dictionary content.

Formats:

ini

Parse input as lines of NAME=VALUE in the tradition of INI files, where ';' and '#' begin comments and whitespace is trimmed from the names and values. Bare names (lacking an '=') are not supported, nor are multiline values. INI headers are currently ignored.

0

Parse the input as NUL-delimited strings alternating between Name and Value.

--dict-item (-d) NAME=VALUE_FILE

If specified, the Coffer will be created as dictionary storage, and this specifies one entry. NAME cannot contain an equal sign. Value may contain arbitrary binary data including NUL bytes. This option can be used multiple times, and applies after items generated by --parse. If option --parse is not used, --dict-item implies that no value will be read from stdin.

--content-type MIMETYPE

Optionally specify a MIME-type for the content of the Coffer, stored in the public headers (not encrypted). Dictionary storage implies its own content type, so there is no need to set this if you specify dictionary storage options.
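
The --parse formats and --dict-item accept different kinds of values, which matters when the values are secrets. The following is an added example, not code from cmk-coffer-new: a pre-flight check that picks the least lossy way to supply a dictionary. The function names are hypothetical, and the handling of a second '=', mid-line ';' or '#', and a trailing NUL are assumptions, because the text above does not specify them.

```python
# Added example, not cmk-coffer-new code: choose stdin encoding for --parse
# from the rules in the option text. Sample data below is constructed.

def ini_safe(name: bytes, value: bytes) -> bool:
    """True if NAME=VALUE would survive the documented ini rules unchanged."""
    both = name + value
    if not name or name != name.strip() or value != value.strip():
        return False                  # whitespace is trimmed from names and values
    if any(c in both for c in (b"\n", b"\r", b"\0")):
        return False                  # multiline values are not supported
    if name.startswith(b"["):
        return False                  # could be read as an (ignored) INI header
    # Assumption: the page does not say how a second '=' or a mid-line ';' / '#'
    # is handled, so reject them rather than risk a silently truncated secret.
    return not any(c in both for c in (b"=", b";", b"#"))

def encode_ini(items: dict) -> bytes:
    return b"".join(n + b"=" + v + b"\n" for n, v in items.items())

def encode_nul(items: dict) -> bytes:
    # Assumption: strings are joined by NUL with no trailing terminator.
    return b"\0".join(s for pair in items.items() for s in pair)

def decode_nul(data: bytes) -> dict:
    parts = data.split(b"\0") if data else []
    if len(parts) % 2:
        raise ValueError("odd number of strings: a name has no value")
    return dict(zip(parts[0::2], parts[1::2]))

def plan_input(items: dict):
    """Return (parse_format, stdin_bytes, names_that_need_--dict-item)."""
    if any(not n or b"\0" in n or b"=" in n for n in items):
        raise ValueError("names must be non-empty, without NUL or '='")
    binary = sorted(n for n, v in items.items() if b"\0" in v)  # only --dict-item takes NUL
    rest = {n: v for n, v in items.items() if n not in binary}
    if all(ini_safe(n, v) for n, v in rest.items()):
        return "ini", encode_ini(rest), binary
    return "0", encode_nul(rest), binary

if __name__ == "__main__":
    secrets = {b"db_user": b"app", b"db_pass": b"p#ss;w=rd ", b"hmac_key": b"\x00\x01\x02"}
    fmt, payload, binary = plan_input(secrets)
    print(f"--parse={fmt}", payload, "--dict-item for:", binary)
```

Feed the returned bytes to cmk-coffer-new on stdin with the matching --parse=FORMAT, and pass each name in the third element as --dict-item NAME=VALUE_FILE.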
