k      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                                                                                                            !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~     NoneNoneNone None     NoneK!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijJ!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijJ,-.)*+&'(#$%/0123456789:;<=>?@ABCKLMNODEFGHIJ"PQ!RSjihgfedcba`_^]\[ZYXWVUT)!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijNoneklmnklmnklmnklmnNonexGKeystore session context, created at the start of a session and passed # to the keystore access functions. 0opqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGH IJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~!H  opqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~9|}~ !"#$%&    '()* xyz{+,-w./tuv01234s5678r9:;<=>?@ABCDoqpEFGH~}|{zyxwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJI oqprstuvwxyz{|}~       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGH IJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~!None  Safe-Inferred NoneC"#$%&'()*+,-./0123456789:;<='(, "#$%&'()*+,-./0123456789:;<= None+>?@((>?@ NoneABCDEFGHIJKLMNOPQRSTUVWXYABCDEFGHIJKLMNOPQRSTUVWXY None*Z[     \]^%     %     *Z[     \]^NoneIEncode a key store as a JSON ByteString (discarding any cached cleartext  copies of secrets it may have) 7Encrypt a clear text message with a name RSA key pair. JDecrypt an RSA-encrypted message (the RSA secret key named in the message  must be available.) FSign a message with a named RSA secret key (which must be available).  6Verify that an RSA signature of a message is correct. !GSymetrically encrypt a message with a Safeguard (list of names private  keys). "GSymetrically encrypt a message with a Safeguard (list of names private  keys). #Create a private key. $GRemember the secret text for a key -- will record the hash and encrypt F it with the configured safeguards, generating an error if any of the  safeguards are not available. %GBackup all of the keys in the store with their configured backup keys. _3Backup a named key with its configured backup key. &BPrimitive to make a cryptographic copy (i.e., a safeguard) of the G secret text of a key, storing it in the key (and doing nothing if the % that safeguard is already present). '@List all of the keys in the store, one per line, on the output. (/Print out the information of a particular key. )(Return all of the keys in the keystore. *ETry to load the secret copy into the key and return it. (No error is - raised if it failed to recover the secret.) +FTry to load an encryption or decryption key for an encrypted message. '`abcde !"#(unique) name of the new key the comment string the identity string 8the environment variable used to hold a clear text copy !(optionally) the clear test copy $%_&f'(gh)*ijk+lmnopklmn      !"#$%&'()*+ !"#%$&)'(*+"`edcba !"#$%_&f'(gh)*ijk+lmnopNone ,2The parameters used to set up a KeyStore session. .2location of any explictlt specified keystore file /7whether debug output has been specified enabled or not 0$Just True => do not update keystore 5Suitable default ,. 64The default place for keystore settings (settings). 78Add the standard file extension to a base name (.json). 81The default file for a keystore (keystore.json). 9Determine the  and keystore  from , :Set up the keystore state. >=Read the JSON-encoded KeyStore settings from the named file. ,-./0123456789:;<=q>?r@st,-./0123456789:;<=>?@1234,-./056789:;<>=?@,-./0123456789:;<=q>?r@stNoneSABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdeuvwxyz{|}~f&ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdef&]^_`A\[ZYXWVUTSRQPONMLKJIHGFEDCBabcdef5A\[ZYXWVUTSRQPONMLKJIHGFEDCB]^_`abcdeuvwxyz{|}~fNoneCg5the abstract syntax for the passowd manager commands hthe client calls , to bind the passwords into the environment jMif True , collect will not report an error if the master password is missing k1the list of active passwords for this collection pJwe resort to phantom types when we have no other way of passing PW into a  function (see ) rlThe PW class provides all of the information on the bounded enumeration type used to identify the passwords s(the name by which the password is known tparse a PasswordName into a p uvwhether the passwords is a session and if so a function for extracting the session name from the secret password text vMwhether the password is a one-shot password, needing to be primed to be used wQthe environment variable where the password is expected to be found by the client/deployment scripts x3a brief description of the password in a few words ya description of the password zKThe password manager is used for storing locally the passwords and session N tokens of a single user. The password used to encode the store is stored in L an environment variable and the passwords and tokens are stored in a file. < The file and and environment cariable are specified in the PWConfig record. N (The attributes of each password and session list, including the environment G variables that they are communicated through, is statically specified  with the PW class below.) |.file in which to store the encrypted passords }Qthe environmant variable containing the master password used to secure the store ~;error message to be used on failure to locate the keystore Berror message to be used on failure to locate the master password 7for firing up an interactive shell on successful login )for generating has descriptions (can use  here) must be true to enable  commands Ithe prefix string to be used in making up the commands from dump scripts the sample script @map the dynamic (plus) passwords to their environment variables Araise an error if not logged in and collect all of the passwords Dthe password manager CLI: it just needs the config and command line  a sample # generator to help with setting up z 7sample sample-script generator to help with setting up z Mhashing the master password to create the private key for securing the store ,bind the master password in the environment Bcreate an empty passowrd store; if the boolean flag is False then @ an interactive shell is fired up with access to the new store; 9 if no password is specified then one is read from stdin Klaunch an interactive shell with access to the password store; if the bool K boolean flag is True then it will loop asking for the passwoord until the I correct password is typed (or an error ocurrs, possibly from a SIGint);  if no &/ is specified then one will be read from stdin %is this the correct master password? Lis this the correct master password for this keystore? Return the decrypted  keystore if so. is the password store there? are we currently logged in? is the password/'session bound to a value in the store? Bimport the contents of another keystore into the current keystore Gloads a password into the store; if this is a session password and the J boolean ss is True then the session will be reset to this password also;  if no &/ is specified then one will be read from stdin 0load a dynamic password into the Password store 'set the comment for the password store *collect the available passwords listed in h from the store : and bind them in their designated environmants variables jprime a one-shot password so that it will be availabe on the next collection (probably for a deployment); 6 if no password is specified then they are all primed #select a different session for use !delete a password from the store !delete a password from the store  delete a session from the store print a status line; if q is True then don't output anything and exit # with fail code 1 if not logged in 'print a status apropriate for a prompt %list the passwords, one per line; if a+ is set then all passwords will be listed, 4 otherwise just the primed passwords will be listed &list all of the dynamic (+) passwords $list the sessions, one per line; if p is specified then all of the ' sessions are listed for that password Iprint the info, including the text descriton, for an individual passowrd get the info on a password *print the info for a dynamic (+) password 'get the info on a dynamic (+) password ;dump the store in a s script that can be used to reload it Qcollect the passowrds, bthem into the environmant and launch an interacive shell +check whether a password is primed for use ]lookup a session in a password store, possibly specifying the password it belogs to; exactly < one session must be found, otherwise an error is generated /lookup all of the sessions in a password store &read a passord from stdin and hash it use a ) to represent a primed one-shot password, otherwise .make up a script for loading a password store Fmarge in the second password store into the first, all definitions in - the second passwords store, except the store's creation time, which is C taken from the first store; any sessions are also merged with the 0 sessions in the second store taking precedence 7run a password manager command abstracy syntax command "parse a passwword manager command ghijklmnopqrstuvwxyz{|}~=> don'<t fire up an interactive shell with access to the new store the master password list active sessions only "list only the session identifiers 6if specified, then only the sessions on this password &True => show the password secret text the password to show (the prefix for each script command line the store comment the passwords to load the sessions to select    V#$%&'()*+<=>?@ABCghijklmnopqrstuvwxyz{|}~Vz{|}~rstuvwxypqlmnohijk<=>?@ABC)*+&'(#$%gyghijklmnopqrstuvwxyz {|}~   None(HGenerate a new keystore located in the given file with the given global  settings. Given ,9 describing the location of the keystore, etc., generate J an IC for use in the following keystore access functions that will allow ? context to be cached between calls to these access functions. CThis functional method will generate an IC that will not cache any  state between calls. !the filepath of the loaded store "List the JSON settings on stdout. 2Return the settings associated with the keystore. GUpdate the global settings of a keystore from the given JSON settings. 4List the triggers set up in the keystore on stdout. -Returns the striggers setup on the keystore.  addTrigger'- cariant that erads the setting from a file. KSet up a named trigger on a keystore that will fire when a key matches the * given pattern establishing the settings. ,Remove the named trigger from the keystore. JCreate an RSA key pair, encoding the private key in the named Safeguards. KCreate a symmetric key, possibly auto-loaded from an environment variable. Adjust a named key. &Load a named key from the named file. Load the named key. 4Encrypt and store the key with the named safeguard. 2Try and retrieve the secret text for a given key. Return the identity of a key. *Return the comment associated with a key. "Return the creation UTC of a key. Return the hash of a key.  Return the hash comment of a key/ Retuen the hash salt of a key. 3(For public key pairs only) return the public key. QReturn the secret text of a key (will be the private key for a public key pair). -List a summary of all of the keys on stdout. (Return all of the keys in the keystore. )Delete a list of keys from the keystore.  Encrypt a   with a named key.  Encrypt a   with a named key to produce a . JDecrypt a file with the named key (whose secret text must be accessible).  Decrypt a   with the named key ) (whose secret text must be accessible).  Decrypt a   from a  with the named key ) (whose secret text must be accessible). FSign a file with the named key (whose secret text must be accessible) 4 to produce a detached signature in the named file. Sign a  ; with the named key (whose secret text must be accessible) " to produce a detached signature. =Verify that a signature for a file via the named public key. Verify that a signature for a   via the named public key. KRun a KS function in an IO context, dealing with keystore updates, output,  debug logging and errors. 3   opqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~,-./012345678>?>,-./0123467853 NoneIThis type specifies the reasons that an attempt to access a key from the G store has failed. This kind of failure suggests an inconsistent model L and will be raised regardless of which keys have been stored in the store. HRequests to retrieve a key from the staor can fail for various reasons. BOne, many or all of the keys in a store may be rotated at a time. > we use one of these to specify which keys are to be rotated. KA key is triple containing some (plain-text) identity information for the G key, some comment text and the secret text to be encrypted. Note that  the keystore doesn'7t rely on this information but merely stores it. (They G can be empty.) The identity field will often be used to storte the key's F identity within the system that generates and uses it, ofor example. ASections are used to hold the top (master) key for the keystore, % its signing key, or deployment keys FThis class describes the relationship between the host-id, section-id F and key-id types used to build a hierarchical deployment model for a F keystore. A minimal instance would have to define hostDeploySection. G The deploy example program contains a fairly thorough example of this E class being used to implement a quite realitic deploymrnt scenario. GHere we create the store and rotate in a buch of keys. N.B. All of the K section passwords must be bound in the process environment before calling  procedure. 4Rotate in a set of keys specified by the predicate. KRotate in a set of keys specified by the predicate, rotating each key only H if it has changed: NB the check is contingent on the secret text being Q accessible; if the secret text is not accessible then the rotation will happen. KRotate in a set of keys specified by the predicate with the first argument 3 controlling whether to squash duplicate rotations nRetrieve the keys for a given host from the store. Note that the whole history for the given key is returned. r Note also that the secret text may not be present if it is not accessible (depnding upon hwich section passwords E are correctly bound in the process environment). Note also that the ! diagnostic should not fail if a & coherent model has been ddefined for . RSign the keystore. (Requites the password for the signing section to be correctly  bound in the environment) 5A predicate specifying all of the keys in the store. 9A predicate specifying none of the keys in the keystore. 1List all of the keys specified by a KeyPredicate PA utility for specifing a slice of the keys in the store, optionally specifying V host section and key that should belong to the slice. (If the host is specified then N the resulting predicate will only include host-indexed keys belonging to the  given host.) UList a shell script for establishing all of the keys in the environment. NB For this T to work the password for the top section (or the passwords for all of the sections : must be bound if the store does not maintain a top key). FList a shell script for storing the public signing key for the store. FList all of the keys that have the given name as their prefix. If the K generic name of a key is given then it will list the complete history for 4 the key, the current (or most recent) entry first. FReturn the generic name for a given key thst is used by the specified K host, returning a failure diagnostic if the host does not have such a key  on the given Section model.  ABasic function for generating a key name from the host (if it is ) host indexex), section name and key id. BReturn the section that a host stores a given key in, returning a F failure diagnostic if the host does not keep such a key in the given  Section model.  CThe name of the key that stores the password for a given sections. } *the deployment section: for a given host, , the starting section for locating the keys  during a deployment (higher/closer sections  taking priority) .whether the section holds the top key for the 7 keystore (i.e., keystore master key), the signing key 4 for the keystore or is a normal section containing  deployment keys +the sections that get a copy of the master * for this section (making all of its keys 4 available to them); N.B., the graph formed by this 5 this relationship over the sections must be acyclic .if the key is host-indexed then the predicate ' specifies the hosts that use this key .specifies which sections a key is resident in $loads the data for a particular key 4loads the data for a particular key, returning mode 'loads the setting for a given settings ,describes the key (for the ks help command) 0describes the section (for the ks help command) 1secifies the environment variable containing the  ^ master password/&provate key for for the given section ! " #$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ4  4  [  ! " #$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZNone   [\]^,,-./0ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`cdef   ,  efcd A\[ZYXWVUTSRQPONMLKJIHGFEDCB,-./0]^_`   [\]^None]  #$%&'()*+<=>?@ABCopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~,-./012345678>ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`cdefghijklmnopqrstuvwxyz{|}~     _  !"#$%&'()*+,-./0123456789:;;<==>??@AABCCDEFGHHIJKKLMMNOPQRSTTUVWWXYYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~       !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~                                                                                                                                  !"#$%&'()*+,-./0123456789::;<=>?@ABCDDEFGGHIJJKLMNOPQRSSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~u01x                                                    ! " # $ % & ' ( ) *+,-./0123t456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstustvwxyz{|}~FSdl      !"#$%&keystore-0.6.3.0Data.KeyStore.TypesData.KeyStore.Types.E'Data.KeyStore.Types.PasswordStoreSchemaData.KeyStore.Types.Schema$Data.KeyStore.Types.NameAndSafeguard&Data.KeyStore.Types.PasswordStoreModelData.KeyStore.KS.CPRNGData.KeyStore.KS.ConfigurationData.KeyStore.VersionData.KeyStore.KS.OptData.KeyStore.KS.KSData.KeyStore.KS.PacketData.KeyStore.KS.CryptoData.KeyStore.KSData.KeyStore.IO.ICData.KeyStore.CLI.CommandData.KeyStore.PasswordManagerData.KeyStore.IOData.KeyStore.SectionsData.KeyStore.CLI Data.KeyStorecrypto-pubkey-types-0.4.2.3Crypto.Types.PubKey.RSA PrivateKey private_pub private_d private_p private_q private_dP private_dQ private_qinv PublicKey public_sizepublic_npublic_etransformers-0.4.1.0Control.Monad.Trans.ErrorstrMsgpasswordStoreSchemapasswordStoreChangelogkeystoreSchemakeystoreChangelogReasonErsaErroreWrap showReason SafeguardNamename_name safeguard safeguardKeysisWildSafeguardprintSafeguardparseSafeguard SessionMap PasswordMap SessionName _SessionName PasswordText _PasswordText PasswordName _PasswordNamePasswordStoreComment_PasswordStoreCommentSession _ssn_name _ssn_password_ssn_isOneShot _ssn_setupSessionPasswordAssoc _spa_name _spa_sessionREP__SessionMap_smp_mapPassword_pw_name_pw_text _pw_sessions _pw_isOneShot _pw_primed _pw_setupNamePasswordAssoc _npa_name _npa_passwordREP__PasswordMap_pm_map PasswordStore _ps_comment_ps_map _ps_setup inj_pwmap prj_pwmap inj_snmap prj_snmap ps_commentps_mapps_setuppm_mapnpa_name npa_password pw_isOneShotpw_name pw_primed pw_sessionspw_setuppw_textsmp_mapspa_name spa_session ssn_isOneShotssn_name ssn_password ssn_setuppasswordStoreComment passwordName passwordText sessionNameCPRNGnewCPRNG testCPRNG generateCPRNGDirctn Decrypting EncryptingEncrypedCopyMapKeyMapSettings _Settings TriggerMapPattern _pat_string _pat_regexVoid_VoidSignaturePacket_SignaturePacketEncryptionPacket_EncryptionPacket RSASignature _RSASignatureRSASecretBytes_RSASecretBytesRSAEncryptedKey_RSAEncryptedKey SecretData _SecretDataAESKey_AESKeyHashData _HashDataIV_IVSalt_Salt ClearText _ClearTextEnvVar_EnvVarComment_Comment TriggerID _TriggerID SettingID _SettingIDIdentity _Identity REP__Name _REP__NameOctets_Octets Iterations _Iterations REP__Pattern _REP__Pattern FragmentID _FragmentID EncryptionKeyEK_none EK_symmetric EK_private EK_publicHashPRF PRF_sha512 PRF_sha256PRF_sha1Cipher CPH_aes256 CPH_aes192 CPH_aes128REP__PrivateKey_prk_pub_prk_d_prk_p_prk_q_prk_dP_prk_dQ _prk_qinvREP__PublicKey _puk_size_puk_n_puk_e AESSecretData_asd_iv_asd_secret_data RSASecretData_rsd_encrypted_key_rsd_aes_secret_dataEncrypedCopyData ECD_no_data ECD_clearECD_aesECD_rsaREP__Safeguard _sg_names EncrypedCopy _ec_safeguard _ec_cipher_ec_prf_ec_iterations_ec_salt_ec_secret_dataREP__EncrypedCopyMap_ecm_mapHashDescription_hashd_comment _hashd_prf_hashd_iterations_hashd_width_octets_hashd_salt_octets _hashd_saltHash_hash_description _hash_hashKey _key_name _key_comment _key_identity_key_is_binary _key_env_var _key_hash _key_public_key_secret_copies_key_clear_text_key_clear_private_key_created_at NameKeyAssoc _nka_name_nka_key REP__KeyMap_kmp_map TextJsonAssoc_tja_id_tja_key REP__Settings _stgs_jsonTrigger_trg_id _trg_pattern _trg_settingsREP__TriggerMap_tmp_map Configuration _cfg_settings _cfg_triggersKeyStore _ks_config _ks_keymappattern inj_pattern prj_patterninj_trigger_mapprj_trigger_map inj_settings prj_settingsdefaultSettingscheckSettingsCollisionsmarker inj_keymap prj_keymap emptyKeyStore emptyKeyMapinj_encrypted_copy_mapprj_encrypted_copy_mapdefaultConfiguration inj_safeguard prj_safeguardinj_nameprj_name inj_PublicKey prj_PublicKeyinj_PrivateKeyprj_PrivateKeye2ppbkdfkeyWidthvoid_ map_from_list _text_Cipher _map_Cipher _text_HashPRF _map_HashPRF ks_config ks_keymap cfg_settings cfg_triggerstmp_maptrg_id trg_pattern trg_settings stgs_jsontja_idtja_keykmp_mapnka_keynka_namekey_clear_privatekey_clear_text key_commentkey_created_at key_env_varkey_hash key_identity key_is_binarykey_name key_publickey_secret_copieshash_description hash_hash hashd_commenthashd_iterations hashd_prf hashd_salthashd_salt_octetshashd_width_octetsecm_map ec_cipher ec_iterationsec_prf ec_safeguardec_saltec_secret_datasg_namesrsd_aes_secret_datarsd_encrypted_keyasd_ivasd_secret_datapuk_epuk_npuk_sizeprk_dprk_dPprk_dQprk_pprk_pubprk_qprk_qinv fragmentID rEP__Pattern iterationsoctets rEP__Nameidentity settingID triggerIDcommentenvVar clearTextsaltiVhashDataaESKey secretDatarSAEncryptedKeyrSASecretBytes rSASignatureencryptionPacketsignaturePacketvoidconfigurationSettingstriggerversion versionTupleOpt_OptEnumCrypt__salt_octetsCrypt__iterations Crypt__prf Crypt__cipherHash__salt_octetsHash__width_octetsHash__iterations Hash__prf Hash__comment Backup__keys Sections__fixVerify__enabledDebug__enabledOptopt_enumgetSettingsOptgetSettingsOpt'setSettingsOptopt__debug_enabledopt__verify_enabledopt__sections_fixopt__backup_keysopt__hash_comment opt__hash_prfopt__hash_iterationsopt__hash_width_octetsopt__hash_salt_octetsopt__crypt_cipheropt__crypt_prfopt__crypt_iterationsopt__crypt_salt_octetsopt_listSettingsOptsoptHelpoptNameparseOptLogEntryle_debug le_messageState st_keystorest_cprngCtxctx_now ctx_store ctx_settingsKSwithKeytrune2ioe2ksrun_ randomBytes currentTimeputStrKSbtwdebugLogcatchKSerrorKSthrowKSstoreKS lookupOpt getSettings lookupKey insertNewKey insertKey adjustKeyKS deleteKeysKS randomRSArandomKS getKeymap getConfig modConfigencocdeEncryptionPacketdecocdeEncryptionPacketEencocdeSignaturePacketdecocdeSignaturePacketEtestBP sizeAesIVsizeOAE test_cryptodefaultEncryptedCopyKSsaveKS restoreKS mkAESKeyKS encryptKS decryptKSdecryptEencodeRSASecretDatadecodeRSASecretDatadecodeRSASecretData_ encryptRSAKS decryptRSAKS decryptRSAEoaepsignKSverifyKSpssp encryptAESKS encryptAES decryptAESrandomAESKeyKS randomIVKShashKSdefaultHashParamsdefaultHashParamsKShashKS_generateKeysKSgenerateKeysKS_decodePrivateKeyDEREdecodePublicKeyDEREencodePrivateKeyDERencodePublicKeyDER decodeDERE encodeDER keyStoreByteskeyStoreFromBytessettingsFromBytescreateRSAKeyPairKSencryptWithRSAKeyKSencryptWithRSAKeyKS_decryptWithRSAKeyKSdecryptWithRSAKeyKS_signWithRSAKeyKSverifyWithRSAKeyKSencryptWithKeysKSdecryptWithKeysKS createKeyKS rememberKeyKS backupKeysKS secureKeyKSlistKS keyInfoKS getKeysKS loadKeyKSloadEncryptionKeyKS CtxParamscp_storecp_debug cp_readonlyIC ic_ctx_paramsic_cachedefaultCtxParamsdefaultSettingsFilePathsettingsFilePathdefaultKeyStoreFilePath determineCtxestablishState newGenerator readKeyStorescanEnv readSettingserrorIOlogitCommandDeleteVerifySignDecryptEncrypt ShowSecret ShowPublic ShowHashSaltShowHashCommentShowHashShowDate ShowComment ShowIdentityInfoListSecure CreateKeyPairCreate ListTriggers RmvTrigger AddTriggerListSettingOpts ListSettingsUpdateSettings InitialiseKeystoreVersionCLI cli_params cli_commandparseCLI parseCLI'cliInfo cliParser paramsParserrunParse PMCommand CollectConfig _cc_optional _cc_activeSessionDescriptor_sd_name _sd_isOneShotPW_PWpwName parsePwName isSession isOneShotenVar summarizedescribePMConfig _pmc_location _pmc_env_var_pmc_keystore_msg_pmc_password_msg _pmc_shell_pmc_hash_descr_pmc_allow_dumps_pmc_dump_prefix_pmc_sample_script_pmc_plus_env_vardefaultCollectConfigpasswordManagerdefaultHashDescriptiondefaultSampleScripthashMasterPasswordbindMasterPasswordsetup passwordValidpasswordValid'isStorePresent amLoggedInisBoundimport_loadloadPlus psCommentcollectprimeselectdeletePassworddeletePasswordPlus deleteSessionstatusprompt passwords passwordsPlussessions infoPassword infoPassword_infoPasswordPlusinfoPasswordPlus_dump collectShellpasswordManager'pmCommandParser newKeyStore instanceCtx instanceCtx_store listSettingssettingsupdateSettings listTriggerstriggers addTrigger addTrigger' rmvTriggercreateRSAKeyPair createKey adjustKey rememberKey rememberKey_ secureKeyloadKey showIdentity showCommentshowDateshowHashshowHashComment showHashSalt showPublic showSecretlistkeyInfokeys deleteKeysencryptencrypt_ encrypt__decryptdecrypt_ decrypt__signsign_verifyverify_run getKeystoregetState getCtxState putCtxState RetrieveDgRDG_no_such_host_keyRDG_key_not_reachable KeyPredicate KeyDataMode KDM_random KDM_staticKeyData kd_identity kd_comment kd_secret SectionTypeST_keys ST_signingST_topSectionshostDeploySection sectionType superSectionskeyIsHostIndexedkeyIsInSection getKeyDatagetKeyDataWithModesectionSettings describeKeydescribeSectionsectionPWEnvVarCodeencodedecodeSECTIONS initialiserotaterotateIfChangedrotate_retrieve signKeystoreverifyKeystorenoKeysallKeyslistKeyskeyPrededicatekeyHelp sectionHelpsecretKeySummarypublicKeySummary locateKeyskeyNamekeyName_clicli'executeR_GENR_MSGR_RSA $fErrorReason$fExceptionReason _Safeguard_Name is_nm_char sg_sym_chs$fIsStringSafeguard$fToJSONPasswordStore_CPRNG$fMonoidSettings$fIsStringPattern $fShowPattern $fEqPattern$fToJSONKeyStoreHelphlp_texthlp_type opt_defaultopt_fromopt_toopt_helphelp backup_optbool_optintg_opttext_optenum_optdbg_helpvfy_helpsfx_helpbku_helphcm_helphpr_helphit_helphwd_helphna_helpccy_helpcpr_helpcit_helpcna_help_KS mod_keymapBP_BPShowB MagicWordencryption_magic_wordsignature_magic_word encodePacket decodePacketEencodeSafeguarddecodeSafeguardencodeLengthPacketdecodeLengthPackete2bprunBPbtwBPerrorBPthrowBPsplitBP remainingBPpeek_remainingBPmodifyBPto_hex test_oaeptest_pss default_edefault_key_sizersa2e backupKeyKSLineLnCopyLnCopiesHeaderLnHashLnDateLnHeader secure_keylist_keyload_key load_key' load_key''loadEncryptionKeyKS_ verify_key verify_key_verify_private_key_ cleanKeyMapscanEnv'ioElu_pathmk_pathp_store p_debug_flgp_no_debug_flgp_readonly_flgp_writeback_flg p_command pi_version pi_keystore pi_initialisepi_update_settingspi_list_settingspi_list_setting_optspi_add_triggerpi_rmv_triggerpi_list_triggers pi_createpi_create_key_pair pi_securepi_listpi_infopi_show_identitypi_show_comment pi_show_date pi_show_hashpi_show_hash_commentpi_show_hash_saltpi_show_publicpi_show_secret pi_encrypt pi_decryptpi_sign pi_verify pi_delete p_trigger_id p_patternp_name p_comment p_identity p_env_var p_safeguard p_key_textp_filep_armourp_opth_infologin is_primedlookup_sessionlookup_sessionsget_pw prime_charbaseGHC.Num+- format_dumpmerge_psparsePMCommandPMCD_sample_script PMCD_collect PMCD_dumpPMCD_info_plus PMCD_info PMCD_sessions PMCD_sessionPMCD_passwords_plusPMCD_passwords PMCD_prompt PMCD_statusPMCD_delete_sessionPMCD_delete_password_plusPMCD_delete_password PMCD_selectPMCD_prime_all PMCD_prime PMCD_commentPMCD_load_plus PMCD_load PMCD_import PMCD_login PMCD_setup PMCD_versioncast_pmccast_pwactive_session cond_hashwrap_defwrapwrap'enquirepassword_validload_psload_ps_save_psload_ps' random_bytessave_ps'get_keynot_logged_in_errget_key'mk_aekmk_aek' pretty_setupset_env ssn_error command_infopi_setuppi_login pi_importpi_load pi_commentpi_prime pi_prime_all pi_selectpi_delete_passwordpi_delete_session pi_status pi_prompt pi_passwordspi_passwords_plus pi_session pi_sessionspi_dump pi_collectpi_sample_scriptp_load_commandp_delete_passwordp_info p_brief_sw p_loop_sw p_no_login_sw p_quiet_sw p_sessions_sw p_unprime_sw p_pw_id_optp_hashp_load_commentp_password_textp_pw_idp_pl_pw p_ps_comment p_secret_swp_session_name p_store_fpp_word run_parse parse_plus_pwplussifyis_plusbytestring-0.10.0.2Data.ByteString.Internal ByteStringshow_itshow_it'scan_env backup_envreportRetrieve keySectionMunch_MunchEncodingenc_henc_senc_kCODEREFORMAT _REFORMAT locate_keys key_sectionfmtrotate'lower_sections mk_section mk_section' add_signing add_password add_save_key add_trigger bu_settings signing_keysectionsbackup_passwordsgn_nmesve_nme scn_pattern unique_nme unique_nme' the_keystoreget_kdreformatscn_RFTkp_RFTh_RFT reformat_icreformat_keystorereformat_configreformat_triggersreformat_settingsreformat_patternreformat_key_map reformat_ecm reformat_sg reformat_name m_patternm_namem_savem_pw m_sectionm_section_signing m_section_keym_section_key_vrnm_section_key_host munch_vrnencodingcode_m run_munchmunch1munch_munch key2KeyDataname' $fMonadMunch$fAlternativeMunch$fApplicativeMunch$fFunctorMunchcreatesecureinfo verify_cli