X      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                                                                                                            !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~None *+0:BMNone *+0:BMNone+ NoneB          None*+024:BMK!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkJ!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijd,-.)*+&'(#$%/0123456789:;<=>?@ABCKLMNODEFGHIJ"PQ!RSkkkkkkkkkkkkkkkkkkkkkkkkkkjihgfedcba`_^]\[ZYXWVUT)!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkNoneBl  mnolmnolmnol  mnoNone*+024:BMyiKeystore session context, created at the start of a session and passed to the keystore access functions.0pqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~H  pqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHINOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~}~ !"#$%&'     ()*+yz{|MLK,-.x/0uvw123J45t6789s:;<=>?@ABCDEprqFGHI~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPON prqstuvwxyz{|}~       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~None  Safe-Inferred None:MC !"#$%&'()'(,  !"#$%&'() None+B+*+,((*+, NoneB-./0123456789:;<=>?@ABCDE-./0123456789:;<=>?@ABCDE NoneB*FG     HIJ%     %     *FG     HIJNone-BhEncode a key store as a JSON ByteString (discarding any cached cleartext copies of secrets it may have)!6Encrypt a clear text message with a name RSA key pair.#^Decrypt an RSA-encrypted message (the RSA secret key named in the message must be available.)%ESign a message with a named RSA secret key (which must be available).&5Verify that an RSA signature of a message is correct.'NSymetrically encrypt a message with a Safeguard (list of names private keys).(NSymetrically encrypt a message with a Safeguard (list of names private keys).)Create a private key.*Remember the secret text for a key -- will record the hash and encrypt it with the configured safeguards, generating an error if any of the safeguards are not available.+FBackup all of the keys in the store with their configured backup keys.K2Backup a named key with its configured backup key.,Primitive to make a cryptographic copy (i.e., a safeguard) of the secret text of a key, storing it in the key (and doing nothing if the that safeguard is already present).-?List all of the keys in the store, one per line, on the output...Print out the information of a particular key./'Return all of the keys in the keystore.0qTry to load the secret copy into the key and return it. (No error is raised if it failed to recover the secret.)1ETry to load an encryption or decryption key for an encrypted message.'LMNOPQ !"#$%&'()(unique) name of the new keythe comment stringthe identity string7the environment variable used to hold a clear text copy (optionally) the clear test copy*+K,R-.ST/0UVW1XYZ[\lmno      !"#$%&'()*+,-./01 !"#$%&'()+*,/-.01"LQPONM !"#$%&'()*+K,R-.ST/0UVW1XYZ[\NoneM 21The parameters used to set up a KeyStore session.41location of any explictlt specified keystore file56whether debug output has been specified enabled or not6#Just True => do not update keystore;Suitable default 2.<3The default place for keystore settings (settings).=7Add the standard file extension to a base name (.json).>0The default file for a keystore (keystore.json).?Determine the  and keystore  from 2@Set up the keystore state.D<Read the JSON-encoded KeyStore settings from the named file.23456789:;<=>?@ABC]DE^F_`23456789:;<=>?@ABCDEF789:23456;<=>?@ABDCEF23456789:;<=>?@ABC]DE^F_`NoneSGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkabcdefghijklmnopqrstuvwxyz{|}~l&GHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl&cdefGba`_^]\[ZYXWVUTSRQPONMLKJIHghijkl5Gba`_^]\[ZYXWVUTSRQPONMLKJIHcdefghijkabcdefghijklmnopqrstuvwxyz{|}~lNoneM6mthe client calls + to bind the passwords into the environmentoLif True , collect will not report an error if the master password is missingp0the list of active passwords for this collectionuYwe resort to phantom types when we have no other way of passing PW into a function (see )wkThe PW class provides all of the information on the bounded enumeration type used to identify the passwordsx'the name by which the password is knownyparse a PasswordName into a pzuwhether the passwords is a session and if so a function for extracting the session name from the secret password text{Lwhether the password is a one-shot password, needing to be primed to be used|dthe environment variable where the password is expected to be found by the client/deployment scripts}2a brief description of the password in a few words~a description of the password!The password manager is used for storing locally the passwords and session tokens of a single user. The password used to encode the store is stored in an environment variable and the passwords and tokens are stored in a file. The file and and environment cariable are specified in the PWConfig record. (The attributes of each password and session list, including the environment variables that they are communicated through, is statically specified with the PW class below.)-file in which to store the encrypted passordsPthe environmant variable containing the master password used to secure the store:error message to be used on failure to locate the keystoreAerror message to be used on failure to locate the master password6for firing up an interactive shell on successful login)for generating has descriptions (can use  here)must be true to enable  commandsHthe prefix string to be used in making up the commands from dump scriptsthe sample script@raise an error if not logged in and collect all of the passwordsCthe password manager CLI: it just needs the config and command line a sample # generator to help with setting up 7sample sample-script generator to help with setting up Lhashing the master password to create the private key for securing the store+bind the master password in the environmentcreate an empty passowrd store; if the boolean flag is False then an interactive shell is fired up with access to the new store; if no password is specified then one is read from stdinlaunch an interactive shell with access to the password store; if the bool boolean flag is True then it will loop asking for the passwoord until the correct password is typed (or an error ocurrs, possibly from a SIGint); if no &. is specified then one will be read from stdin$is this the correct master password?is the password store there?are we currently logged in?6is the password/session bound to a value in the store?loads a password into the store; if this is a session password and the boolean ss is True then the session will be reset to this password also; if no &. is specified then one will be read from stdin&set the comment for the password store*collect the available passwords listed in mI from the store and bind them in their designated environmants variablesprime a one-shot password so that it will be availabe on the next collection (probably for a deployment); if no password is specified then they are all primed"select a different session for use delete a password from the storedelete a session from the storeprint a status line; if q is TrueG then don't output anything and exit with fail code 1 if not logged in%list the passwords, one per line; if a^ is set then all passwords will be listed, otherwise just the primed passwords will be listed$list the sessions, one per line; if pD is specified then all of the sessions are listed for that passwordHprint the info, including the text descriton, for an individual passowrdget the info on a password:dump the store in a s script that can be used to reload itPcollect the passowrds, bthem into the environmant and launch an interacive shell*check whether a password is primed for uselookup a session in a password store, possibly specifying the password it belogs to; exactly one session must be found, otherwise an error is generated.lookup all of the sessions in a password store%read a passord from stdin and hash ituse a ) to represent a primed one-shot password, otherwise-make up a script for loading a password storemnopqrstuvwxyz{|}~A> don't fire up an interactive shell with access to the new storethe master passwordlist active sessions only!list only the session identifiers5if specified, then only the sessions on this password%True => show the password secret textthe password to show'the prefix for each script command linethe store commentthe passwords to loadthe sessions to selectJ#$%&'()*+<=>?@ABCmnopqrstuvwxyz{|}~Jwxyz{|}~uvqrstmnop<=>?@ABC)*+&'(#$%bmnopqrstuvwxyz{|}~ None+M(RGenerate a new keystore located in the given file with the given global settings.Given 2 describing the location of the keystore, etc., generate an IC for use in the following keystore access functions that will allow context to be cached between calls to these access functions.XThis functional method will generate an IC that will not cache any state between calls. the filepath of the loaded store!List the JSON settings on stdout.1Return the settings associated with the keystore.FUpdate the global settings of a keystore from the given JSON settings.3List the triggers set up in the keystore on stdout.,Returns the striggers setup on the keystore.7addTrigger' cariant that erads the setting from a file.tSet up a named trigger on a keystore that will fire when a key matches the given pattern establishing the settings.+Remove the named trigger from the keystore.ICreate an RSA key pair, encoding the private key in the named Safeguards.JCreate a symmetric key, possibly auto-loaded from an environment variable.Adjust a named key.%Load a named key from the named file.Load the named key.3Encrypt and store the key with the named safeguard.1Try and retrieve the secret text for a given key.Return the identity of a key.)Return the comment associated with a key.!Return the creation UTC of a key.Return the hash of a key.!Return the hash comment of a key/Retuen the hash salt of a key.2(For public key pairs only) return the public key.PReturn the secret text of a key (will be the private key for a public key pair).,List a summary of all of the keys on stdout.'Return all of the keys in the keystore.(Delete a list of keys from the keystore. Encrypt a  with a named key. Encrypt a  with a named key to produce a .IDecrypt a file with the named key (whose secret text must be accessible). Decrypt a < with the named key (whose secret text must be accessible). Decrypt a  from a < with the named key (whose secret text must be accessible).ySign a file with the named key (whose secret text must be accessible) to produce a detached signature in the named file.Sign a \ with the named key (whose secret text must be accessible) to produce a detached signature.<Verify that a signature for a file via the named public key.Verify that a signature for a  via the named public key.eRun a KS function in an IO context, dealing with keystore updates, output, debug logging and errors.3  pqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHINOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~23456789:;<=>D?D23456789:<=>;3None68MThis type specifies the reasons that an attempt to access a key from the store has failed. This kind of failure suggests an inconsistent model and will be raised regardless of which keys have been stored in the store.GRequests to retrieve a key from the staor can fail for various reasons.One, many or all of the keys in a store may be rotated at a time. we use one of these to specify which keys are to be rotated.lA key is triple containing some (plain-text) identity information for the key, some comment text and the secret text to be encrypted. Note that the keystore doesn't rely on this information but merely stores it. (They can be empty.) The identity field will often be used to storte the key's identity within the system that generates and uses it, ofor example.eSections are used to hold the top (master) key for the keystore, its signing key, or deployment keys]This class describes the relationship between the host-id, section-id and key-id types used to build a hierarchical deployment model for a keystore. A minimal instance would have to define hostDeploySection. The deploy example program contains a fairly thorough example of this class being used to implement a quite realitic deploymrnt scenario.Here we create the store and rotate in a buch of keys. N.B. All of the section passwords must be bound in the process environment before calling procedure.3Rotate in a set of keys specified by the predicate.Rotate in a set of keys specified by the predicate, rotating each key only if it has changed: NB the check is contingent on the secret text being accessible; if the secret text is not accessible then the rotation will happen.}Rotate in a set of keys specified by the predicate with the first argument controlling whether to squash duplicate rotations%Retrieve the keys for a given host from the store. Note that the whole history for the given key is returned. Note also that the secret text may not be present if it is not accessible (depnding upon hwich section passwords are correctly bound in the process environment). Note also that the G diagnostic should not fail if a coherent model has been ddefined for .lSign the keystore. (Requites the password for the signing section to be correctly bound in the environment)4A predicate specifying all of the keys in the store.8A predicate specifying none of the keys in the keystore.A utility for specifing a slice of the keys in the store, optionally specifying host section and key that should belong to the slice. (If the host is specified then the resulting predicate will only include host-indexed keys belonging to the given host.)List a shell script for establishing all of the keys in the environment. NB For this to work the password for the top section (or the passwords for all of the sections must be bound if the store does not maintain a top key).EList a shell script for storing the public signing key for the store.List all of the keys that have the given name as their prefix. If the generic name of a key is given then it will list the complete history for the key, the current (or most recent) entry first.Return the generic name for a given key thst is used by the specified host, returning a failure diagnostic if the host does not have such a key on the given Section model.Return the section that a host stores a given key in, returning a failure diagnostic if the host does not keep such a key in the given Section model.BThe name of the key that stores the password for a given sections.xlthe deployment section: for a given host, the starting section for locating the keys during a deployment (higher"/closer sections taking priority)whether the section holds the top key for the keystore (i.e., keystore master key), the signing key for the keystore or is a normal section containing deployment keysthe sections that get a copy of the master for this section (making all of its keys available to them); N.B., the graph formed by this this relationship over the sections must be acyclicTif the key is host-indexed then the predicate specifies the hosts that use this key-specifies which sections a key is resident in#loads the data for a particular key&loads the setting for a given settings+describes the key (for the ks help command)/describes the section (for the ks help command)isecifies the environment variable containing the ^ master password/provate key for for the given section      !"#$%&'()*+,-./012345--Y       !"#$%&'()*+,-./012345None6789:klkl6789:None'  #$%&'()*+<=>?@ABCpqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHINOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~23456789:;<=>Dklmnopqrstuvwxyz{|}~;  !"#$%&'()*+,-./0123456789:;;<==>??@AABCCDEFGHHIJKKLMMNOPQRSTTUVWWXYYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~        !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                                                                                                                 !"#$%&'()*+,-./0123456789:;<=>?@@ABCDEFGHIIJKLLMNOOPQRSTUVWXXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~u01y                                                             t !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`a_`bcdefghijklmnopqrstuvwxyz{|}~2?PXkeystore-0.5.1.0Data.KeyStore.TypesData.KeyStore.Types.E'Data.KeyStore.Types.PasswordStoreSchemaData.KeyStore.Types.Schema$Data.KeyStore.Types.NameAndSafeguard&Data.KeyStore.Types.PasswordStoreModelData.KeyStore.KS.CPRNGData.KeyStore.KS.ConfigurationData.KeyStore.VersionData.KeyStore.KS.OptData.KeyStore.KS.KSData.KeyStore.KS.PacketData.KeyStore.KS.CryptoData.KeyStore.KSData.KeyStore.IO.ICData.KeyStore.CLI.CommandData.KeyStore.PasswordManagerData.KeyStore.IOData.KeyStore.SectionsData.KeyStore.CLI Data.KeyStorecrypto-pubkey-types-0.4.2.2Crypto.Types.PubKey.RSA PrivateKey private_pub private_d private_p private_q private_dP private_dQ private_qinv PublicKey public_sizepublic_npublic_etransformers-0.4.1.0Control.Monad.Trans.ErrorstrMsgpasswordStoreSchemapasswordStoreChangelogkeystoreSchemakeystoreChangelogReasonErsaErroreWrap showReason SafeguardNamename_name safeguard safeguardKeysisWildSafeguardprintSafeguardparseSafeguard SessionMap PasswordMap SessionName _SessionName PasswordText _PasswordText PasswordName _PasswordNamePasswordStoreComment_PasswordStoreCommentSession _ssn_name _ssn_password_ssn_isOneShot _ssn_setupSessionPasswordAssoc _spa_name _spa_sessionREP__SessionMap_smp_mapPassword_pw_name_pw_text _pw_sessions _pw_isOneShot _pw_primed _pw_setupNamePasswordAssoc _npa_name _npa_passwordREP__PasswordMap_pm_map PasswordStore _ps_comment_ps_map _ps_setup inj_pwmap prj_pwmap inj_snmap prj_snmap ps_commentps_mapps_setuppm_mapnpa_name npa_password pw_isOneShotpw_name pw_primed pw_sessionspw_setuppw_textsmp_mapspa_name spa_session ssn_isOneShotssn_name ssn_password ssn_setuppasswordStoreComment passwordName passwordText sessionName$fToJSONPasswordStoreCPRNGnewCPRNG testCPRNG generateCPRNGDirctn Decrypting EncryptingEncrypedCopyMapKeyMapSettings _Settings TriggerMapPattern _pat_string _pat_regexVoid_VoidSignaturePacket_SignaturePacketEncryptionPacket_EncryptionPacket RSASignature _RSASignatureRSASecretBytes_RSASecretBytesRSAEncryptedKey_RSAEncryptedKey SecretData _SecretDataAESKey_AESKeyHashData _HashDataIV_IVSalt_Salt ClearText _ClearTextEnvVar_EnvVarComment_Comment TriggerID _TriggerID SettingID _SettingIDIdentity _Identity REP__Name _REP__NameOctets_Octets Iterations _Iterations REP__Pattern _REP__Pattern FragmentID _FragmentID EncryptionKeyEK_none EK_symmetric EK_private EK_publicHashPRF PRF_sha512 PRF_sha256PRF_sha1Cipher CPH_aes256 CPH_aes192 CPH_aes128REP__PrivateKey_prk_pub_prk_d_prk_p_prk_q_prk_dP_prk_dQ _prk_qinvREP__PublicKey _puk_size_puk_n_puk_e AESSecretData_asd_iv_asd_secret_data RSASecretData_rsd_encrypted_key_rsd_aes_secret_dataEncrypedCopyData ECD_no_data ECD_clearECD_aesECD_rsaREP__Safeguard _sg_names EncrypedCopy _ec_safeguard _ec_cipher_ec_prf_ec_iterations_ec_salt_ec_secret_dataREP__EncrypedCopyMap_ecm_mapHashDescription_hashd_comment _hashd_prf_hashd_iterations_hashd_width_octets_hashd_salt_octets _hashd_saltHash_hash_description _hash_hashKey _key_name _key_comment _key_identity_key_is_binary _key_env_var _key_hash _key_public_key_secret_copies_key_clear_text_key_clear_private_key_created_at NameKeyAssoc _nka_name_nka_key REP__KeyMap_kmp_map TextJsonAssoc_tja_id_tja_key REP__Settings _stgs_jsonTrigger_trg_id _trg_pattern _trg_settingsREP__TriggerMap_tmp_map Configuration _cfg_settings _cfg_triggersKeyStore _ks_config _ks_keymappattern inj_pattern prj_patterninj_trigger_mapprj_trigger_map inj_settings prj_settingsdefaultSettingscheckSettingsCollisionsmarker inj_keymap prj_keymap emptyKeyStore emptyKeyMapinj_encrypted_copy_mapprj_encrypted_copy_mapdefaultConfiguration inj_safeguard prj_safeguardinj_nameprj_name inj_PublicKey prj_PublicKeyinj_PrivateKeyprj_PrivateKeye2ppbkdfkeyWidthvoid_ map_from_list$fMonoidSettings$fIsStringPattern $fShowPattern $fEqPattern _text_Cipher _map_Cipher _text_HashPRF _map_HashPRF ks_config ks_keymap cfg_settings cfg_triggerstmp_maptrg_id trg_pattern trg_settings stgs_jsontja_idtja_keykmp_mapnka_keynka_namekey_clear_privatekey_clear_text key_commentkey_created_at key_env_varkey_hash key_identity key_is_binarykey_name key_publickey_secret_copieshash_description hash_hash hashd_commenthashd_iterations hashd_prf hashd_salthashd_salt_octetshashd_width_octetsecm_map ec_cipher ec_iterationsec_prf ec_safeguardec_saltec_secret_datasg_namesrsd_aes_secret_datarsd_encrypted_keyasd_ivasd_secret_datapuk_epuk_npuk_sizeprk_dprk_dPprk_dQprk_pprk_pubprk_qprk_qinv fragmentID rEP__Pattern iterationsoctets rEP__Nameidentity settingID triggerIDcommentenvVar clearTextsaltiVhashDataaESKey secretDatarSAEncryptedKeyrSASecretBytes rSASignatureencryptionPacketsignaturePacketvoid$fToJSONKeyStoreconfigurationSettingstriggerversion versionTupleOpt_OptEnumCrypt__salt_octetsCrypt__iterations Crypt__prf Crypt__cipherHash__salt_octetsHash__width_octetsHash__iterations Hash__prf Hash__comment Backup__keys Sections__fixVerify__enabledDebug__enabledOptopt_enumgetSettingsOptgetSettingsOpt'setSettingsOptopt__debug_enabledopt__verify_enabledopt__sections_fixopt__backup_keysopt__hash_comment opt__hash_prfopt__hash_iterationsopt__hash_width_octetsopt__hash_salt_octetsopt__crypt_cipheropt__crypt_prfopt__crypt_iterationsopt__crypt_salt_octetsopt_listSettingsOptsoptHelpoptNameparseOptLogEntryle_debug le_messageState st_keystorest_cprngCtxctx_now ctx_store ctx_settingsKSwithKeytrune2ioe2ksrun_ randomBytes currentTimeputStrKSbtwdebugLogcatchKSerrorKSthrowKSstoreKS lookupOpt getSettings lookupKey insertNewKey insertKey adjustKeyKS deleteKeysKS randomRSArandomKS getKeymap getConfig modConfigencocdeEncryptionPacketdecocdeEncryptionPacketEencocdeSignaturePacketdecocdeSignaturePacketEtestBP sizeAesIVsizeOAE test_cryptodefaultEncryptedCopyKSsaveKS restoreKS mkAESKeyKS encryptKS decryptKSdecryptEencodeRSASecretDatadecodeRSASecretDatadecodeRSASecretData_ encryptRSAKS decryptRSAKS decryptRSAEoaepsignKSverifyKSpssp encryptAESKS encryptAES decryptAESrandomAESKeyKS randomIVKShashKSdefaultHashParamsdefaultHashParamsKShashKS_generateKeysKSgenerateKeysKS_decodePrivateKeyDEREdecodePublicKeyDEREencodePrivateKeyDERencodePublicKeyDER decodeDERE encodeDER keyStoreByteskeyStoreFromBytessettingsFromBytescreateRSAKeyPairKSencryptWithRSAKeyKSencryptWithRSAKeyKS_decryptWithRSAKeyKSdecryptWithRSAKeyKS_signWithRSAKeyKSverifyWithRSAKeyKSencryptWithKeysKSdecryptWithKeysKS createKeyKS rememberKeyKS backupKeysKS secureKeyKSlistKS keyInfoKS getKeysKS loadKeyKSloadEncryptionKeyKS CtxParamscp_storecp_debug cp_readonlyIC ic_ctx_paramsic_cachedefaultCtxParamsdefaultSettingsFilePathsettingsFilePathdefaultKeyStoreFilePath determineCtxestablishState newGenerator readKeyStorescanEnv readSettingserrorIOlogitCommandDeleteVerifySignDecryptEncrypt ShowSecret ShowPublic ShowHashSaltShowHashCommentShowHashShowDate ShowComment ShowIdentityInfoListSecure CreateKeyPairCreate ListTriggers RmvTrigger AddTriggerListSettingOpts ListSettingsUpdateSettings InitialiseKeystoreVersionCLI cli_params cli_commandparseCLI parseCLI'cliInfo cliParser paramsParserrunParse CollectConfig _cc_optional _cc_activeSessionDescriptor_sd_name _sd_isOneShotPW_PWpwName parsePwName isSession isOneShotenVar summarizedescribePMConfig _pmc_location _pmc_env_var_pmc_keystore_msg_pmc_password_msg _pmc_shell_pmc_hash_descr_pmc_allow_dumps_pmc_dump_prefix_pmc_sample_scriptdefaultCollectConfigpasswordManagerdefaultHashDescriptiondefaultSampleScripthashMasterPasswordbindMasterPasswordsetup passwordValidisStorePresent amLoggedInisBoundload psCommentcollectprimeselectdeletePassword deleteSessionstatus passwordssessions infoPassword infoPassword_dump collectShell newKeyStore instanceCtx instanceCtx_store listSettingssettingsupdateSettings listTriggerstriggers addTrigger addTrigger' rmvTriggercreateRSAKeyPair createKey adjustKey rememberKey rememberKey_ secureKeyloadKey showIdentity showCommentshowDateshowHashshowHashComment showHashSalt showPublic showSecretlistkeyInfokeys deleteKeysencryptencrypt_ encrypt__decryptdecrypt_ decrypt__signsign_verifyverify_run getKeystoregetState getCtxState putCtxState RetrieveDgRDG_no_such_host_keyRDG_key_not_reachable KeyPredicateKeyData kd_identity kd_comment kd_secret SectionTypeST_keys ST_signingST_topSectionshostDeploySection sectionType superSectionskeyIsHostIndexedkeyIsInSection getKeyDatasectionSettings describeKeydescribeSectionsectionPWEnvVarCodeencodedecodeSECTIONS initialiserotaterotateIfChangedretrieve signKeystoreverifyKeystorenoKeysallKeyskeyPrededicatekeyHelp sectionHelpsecretKeySummarypublicKeySummary locateKeyskeyNameclicli'R_GENR_MSGR_RSA $fErrorReason$fExceptionReason _Safeguard_Name is_nm_char sg_sym_chs$fIsStringSafeguard_CPRNGHelphlp_texthlp_type opt_defaultopt_fromopt_toopt_helphelp backup_optbool_optintg_opttext_optenum_optdbg_helpvfy_helpsfx_helpbku_helphcm_helphpr_helphit_helphwd_helphna_helpccy_helpcpr_helpcit_helpcna_help_KS mod_keymapBP_BPShowB MagicWordencryption_magic_wordsignature_magic_word encodePacket decodePacketEencodeSafeguarddecodeSafeguardencodeLengthPacketdecodeLengthPackete2bprunBPbtwBPerrorBPthrowBPsplitBP remainingBPpeek_remainingBPmodifyBPto_hex test_oaeptest_pss default_edefault_key_sizersa2e backupKeyKSLineLnCopyLnCopiesHeaderLnHashLnDateLnHeader secure_keylist_keyload_key load_key' load_key''loadEncryptionKeyKS_ verify_key verify_key_verify_private_key_ cleanKeyMapscanEnv'ioElu_pathmk_pathp_store p_debug_flgp_no_debug_flgp_readonly_flgp_writeback_flg p_command pi_version pi_keystore pi_initialisepi_update_settingspi_list_settingspi_list_setting_optspi_add_triggerpi_rmv_triggerpi_list_triggers pi_createpi_create_key_pair pi_securepi_listpi_infopi_show_identitypi_show_comment pi_show_date pi_show_hashpi_show_hash_commentpi_show_hash_saltpi_show_publicpi_show_secret pi_encrypt pi_decryptpi_sign pi_verify pi_delete p_trigger_id p_patternp_name p_comment p_identity p_env_var p_safeguard p_key_textp_filep_armourp_opth_infologin is_primedlookup_sessionlookup_sessionsget_pw prime_charbaseGHC.Num+- format_dump PMCommandPMCD_sample_script PMCD_collect PMCD_dump PMCD_info PMCD_sessionsPMCD_passwords PMCD_statusPMCD_delete_sessionPMCD_delete_password PMCD_selectPMCD_prime_all PMCD_prime PMCD_comment PMCD_load PMCD_login PMCD_setup PMCD_versioncast_pmccast_pwactive_sessionwrap_defwrapwrap'enquirepassword_validload_pssave_psload_ps' random_bytessave_ps'get_keynot_logged_in_errget_key'mk_aekmk_aek' pretty_setupset_env ssn_error parse_command command_infocommand_parserpi_setuppi_loginpi_load pi_commentpi_prime pi_prime_all pi_selectpi_delete_passwordpi_delete_session pi_status pi_passwords pi_sessionspi_dump pi_collectpi_sample_script p_no_login_sw p_loop_sw p_quiet_sw p_brief_sw p_active_sw p_unprime_sw p_secret_sw p_sessions_swp_pw_id p_pw_id_optp_password_textp_session_namep_load_comment p_ps_commentp_hashp_word run_parsebytestring-0.10.4.0Data.ByteString.Internal ByteStringshow_itshow_it'scan_env backup_envreportRetrieverotate_ keySectionMunch_MunchEncodingenc_henc_senc_kCODEREFORMAT _REFORMAT locate_keys key_sectionfmtrotate'lower_sections mk_section mk_section' add_signing add_password add_save_key add_trigger bu_settings signing_keysectionsbackup_passwordkey_nmesgn_nmesve_nme scn_pattern unique_nme unique_nme' the_keystoreget_kdreformatscn_RFTkp_RFTh_RFT reformat_icreformat_keystorereformat_configreformat_triggersreformat_settingsreformat_patternreformat_key_map reformat_ecm reformat_sg reformat_name m_patternm_namem_savem_pw m_sectionm_section_signing m_section_keym_section_key_vrnm_section_key_host munch_vrnencodingcode_m run_munchmunch1munch_munch key2KeyDataname' $fMonadMunch$fAlternativeMunch$fApplicativeMunch$fFunctorMunchcommandcreatesecureinfo verify_cli