/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-29 05:53:59 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080829055359-wkdasnyxtylmnxus
* mandos.xml (EXAMPLE): Replaced all occurences of command name with
                        "&COMMANDNAME;".

* plugins.d/password-prompt.c (main): Improved some documentation
                                      strings.  Do perror() of
                                      tcgetattr() fails.  Add debug
                                      output if interrupted by signal.
                                      Loop over write() instead of
                                      using fwrite() when outputting
                                      password.  Add debug output if
                                      getline() returns 0, unless it
                                      was caused by a signal.  Add
                                      exit status code to debug
                                      output.

* plugins.d/password-prompt.xml: Changed all single quotes to double
                                 quotes for consistency.  Removed
                                 <?xml-stylesheet>.
  (ENTITY TIMESTAMP): New.  Automatically updated by Emacs time-stamp
                      by using Emacs local variables.
  (/refentry/refentryinfo/title): Changed to "Mandos Manual".
  (/refentry/refentryinfo/productname): Changed to "Mandos".
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
  (/refentry/refentryinfo/copyright): Split copyright holders.
  (/refentry/refnamediv/refpurpose): Improved wording.
  (SYNOPSIS): Fix to use correct markup.  Add short options.
  (DESCRIPTION, OPTIONS): Improved wording.
  (OPTIONS): Improved wording.  Use more correct markup.  Document
             short options.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Document use of "cryptsource" and "crypttarget".
  (FILES): REMOVED.
  (BUGS): Add text.
  (EXAMPLE): Added some examples.
  (SECURITY): Added text.
  (SEE ALSO): Remove reference to mandos(8).  Add reference to
              crypttab(5).

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2008-10-03">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
6
]>
9
7
 
10
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
9
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
13
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
 
12
    <productname>&COMMANDNAME;</productname>
 
13
    <productnumber>&VERSION;</productnumber>
17
14
    <authorgroup>
18
15
      <author>
19
16
        <firstname>Björn</firstname>
35
32
      <holder>Teddy Hogeborn</holder>
36
33
      <holder>Björn Påhlsson</holder>
37
34
    </copyright>
38
 
    <xi:include href="legalnotice.xml"/>
 
35
    <legalnotice>
 
36
      <para>
 
37
        This manual page is free software: you can redistribute it
 
38
        and/or modify it under the terms of the GNU General Public
 
39
        License as published by the Free Software Foundation,
 
40
        either version 3 of the License, or (at your option) any
 
41
        later version.
 
42
      </para>
 
43
 
 
44
      <para>
 
45
        This manual page is distributed in the hope that it will
 
46
        be useful, but WITHOUT ANY WARRANTY; without even the
 
47
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
48
        PARTICULAR PURPOSE.  See the GNU General Public License
 
49
        for more details.
 
50
      </para>
 
51
 
 
52
      <para>
 
53
        You should have received a copy of the GNU General Public
 
54
        License along with this program; If not, see
 
55
        <ulink url="http://www.gnu.org/licenses/"/>.
 
56
      </para>
 
57
    </legalnotice>
39
58
  </refentryinfo>
40
 
  
 
59
 
41
60
  <refmeta>
42
61
    <refentrytitle>&COMMANDNAME;</refentrytitle>
43
62
    <manvolnum>8</manvolnum>
46
65
  <refnamediv>
47
66
    <refname><command>&COMMANDNAME;</command></refname>
48
67
    <refpurpose>
49
 
      Generate key and password for Mandos client and server.
 
68
      Generate keys for <citerefentry><refentrytitle>password-request
 
69
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
50
70
    </refpurpose>
51
71
  </refnamediv>
52
 
  
 
72
 
53
73
  <refsynopsisdiv>
54
74
    <cmdsynopsis>
55
75
      <command>&COMMANDNAME;</command>
56
 
      <group>
57
 
        <arg choice="plain"><option>--dir
58
 
        <replaceable>DIRECTORY</replaceable></option></arg>
59
 
        <arg choice="plain"><option>-d
60
 
        <replaceable>DIRECTORY</replaceable></option></arg>
61
 
      </group>
62
 
      <sbr/>
63
 
      <group>
64
 
        <arg choice="plain"><option>--type
65
 
        <replaceable>KEYTYPE</replaceable></option></arg>
66
 
        <arg choice="plain"><option>-t
67
 
        <replaceable>KEYTYPE</replaceable></option></arg>
68
 
      </group>
69
 
      <sbr/>
70
 
      <group>
71
 
        <arg choice="plain"><option>--length
72
 
        <replaceable>BITS</replaceable></option></arg>
73
 
        <arg choice="plain"><option>-l
74
 
        <replaceable>BITS</replaceable></option></arg>
75
 
      </group>
76
 
      <sbr/>
77
 
      <group>
78
 
        <arg choice="plain"><option>--subtype
79
 
        <replaceable>KEYTYPE</replaceable></option></arg>
80
 
        <arg choice="plain"><option>-s
81
 
        <replaceable>KEYTYPE</replaceable></option></arg>
82
 
      </group>
83
 
      <sbr/>
84
 
      <group>
85
 
        <arg choice="plain"><option>--sublength
86
 
        <replaceable>BITS</replaceable></option></arg>
87
 
        <arg choice="plain"><option>-L
88
 
        <replaceable>BITS</replaceable></option></arg>
89
 
      </group>
90
 
      <sbr/>
91
 
      <group>
92
 
        <arg choice="plain"><option>--name
93
 
        <replaceable>NAME</replaceable></option></arg>
94
 
        <arg choice="plain"><option>-n
95
 
        <replaceable>NAME</replaceable></option></arg>
96
 
      </group>
97
 
      <sbr/>
98
 
      <group>
99
 
        <arg choice="plain"><option>--email
100
 
        <replaceable>ADDRESS</replaceable></option></arg>
101
 
        <arg choice="plain"><option>-e
102
 
        <replaceable>ADDRESS</replaceable></option></arg>
103
 
      </group>
104
 
      <sbr/>
105
 
      <group>
106
 
        <arg choice="plain"><option>--comment
107
 
        <replaceable>TEXT</replaceable></option></arg>
108
 
        <arg choice="plain"><option>-c
109
 
        <replaceable>TEXT</replaceable></option></arg>
110
 
      </group>
111
 
      <sbr/>
112
 
      <group>
113
 
        <arg choice="plain"><option>--expire
114
 
        <replaceable>TIME</replaceable></option></arg>
115
 
        <arg choice="plain"><option>-x
116
 
        <replaceable>TIME</replaceable></option></arg>
117
 
      </group>
118
 
      <sbr/>
119
 
      <arg><option>--force</option></arg>
 
76
      <group choice="opt">
 
77
        <arg choice="plain"><option>--dir</option>
 
78
        <replaceable>directory</replaceable></arg>
 
79
      </group>
 
80
      <group choice="opt">
 
81
        <arg choice="plain"><option>--type</option>
 
82
        <replaceable>type</replaceable></arg>
 
83
      </group>
 
84
      <group choice="opt">
 
85
        <arg choice="plain"><option>--length</option>
 
86
        <replaceable>bits</replaceable></arg>
 
87
      </group>
 
88
      <group choice="opt">
 
89
        <arg choice="plain"><option>--subtype</option>
 
90
        <replaceable>type</replaceable></arg>
 
91
      </group>
 
92
      <group choice="opt">
 
93
        <arg choice="plain"><option>--sublength</option>
 
94
        <replaceable>bits</replaceable></arg>
 
95
      </group>
 
96
      <group choice="opt">
 
97
        <arg choice="plain"><option>--name</option>
 
98
        <replaceable>NAME</replaceable></arg>
 
99
      </group>
 
100
      <group choice="opt">
 
101
        <arg choice="plain"><option>--email</option>
 
102
        <replaceable>EMAIL</replaceable></arg>
 
103
      </group>
 
104
      <group choice="opt">
 
105
        <arg choice="plain"><option>--comment</option>
 
106
        <replaceable>COMMENT</replaceable></arg>
 
107
      </group>
 
108
      <group choice="opt">
 
109
        <arg choice="plain"><option>--expire</option>
 
110
        <replaceable>TIME</replaceable></arg>
 
111
      </group>
 
112
      <group choice="opt">
 
113
        <arg choice="plain"><option>--force</option></arg>
 
114
      </group>
 
115
    </cmdsynopsis>
 
116
    <cmdsynopsis>
 
117
      <command>&COMMANDNAME;</command>
 
118
      <group choice="opt">
 
119
        <arg choice="plain"><option>-d</option>
 
120
        <replaceable>directory</replaceable></arg>
 
121
      </group>
 
122
      <group choice="opt">
 
123
        <arg choice="plain"><option>-t</option>
 
124
        <replaceable>type</replaceable></arg>
 
125
      </group>
 
126
      <group choice="opt">
 
127
        <arg choice="plain"><option>-l</option>
 
128
        <replaceable>bits</replaceable></arg>
 
129
      </group>
 
130
      <group choice="opt">
 
131
        <arg choice="plain"><option>-s</option>
 
132
        <replaceable>type</replaceable></arg>
 
133
      </group>
 
134
      <group choice="opt">
 
135
        <arg choice="plain"><option>-L</option>
 
136
        <replaceable>bits</replaceable></arg>
 
137
      </group>
 
138
      <group choice="opt">
 
139
        <arg choice="plain"><option>-n</option>
 
140
        <replaceable>NAME</replaceable></arg>
 
141
      </group>
 
142
      <group choice="opt">
 
143
        <arg choice="plain"><option>-e</option>
 
144
        <replaceable>EMAIL</replaceable></arg>
 
145
      </group>
 
146
      <group choice="opt">
 
147
        <arg choice="plain"><option>-c</option>
 
148
        <replaceable>COMMENT</replaceable></arg>
 
149
      </group>
 
150
      <group choice="opt">
 
151
        <arg choice="plain"><option>-x</option>
 
152
        <replaceable>TIME</replaceable></arg>
 
153
      </group>
 
154
      <group choice="opt">
 
155
        <arg choice="plain"><option>-f</option></arg>
 
156
      </group>
120
157
    </cmdsynopsis>
121
158
    <cmdsynopsis>
122
159
      <command>&COMMANDNAME;</command>
123
160
      <group choice="req">
 
161
        <arg choice="plain"><option>-p</option></arg>
124
162
        <arg choice="plain"><option>--password</option></arg>
125
 
        <arg choice="plain"><option>-p</option></arg>
126
 
        <arg choice="plain"><option>--passfile
127
 
        <replaceable>FILE</replaceable></option></arg>
128
 
        <arg choice="plain"><option>-F</option>
129
 
        <replaceable>FILE</replaceable></arg>
130
 
      </group>
131
 
      <sbr/>
132
 
      <group>
133
 
        <arg choice="plain"><option>--dir
134
 
        <replaceable>DIRECTORY</replaceable></option></arg>
135
 
        <arg choice="plain"><option>-d
136
 
        <replaceable>DIRECTORY</replaceable></option></arg>
137
 
      </group>
138
 
      <sbr/>
139
 
      <group>
140
 
        <arg choice="plain"><option>--name
141
 
        <replaceable>NAME</replaceable></option></arg>
142
 
        <arg choice="plain"><option>-n
143
 
        <replaceable>NAME</replaceable></option></arg>
 
163
      </group>
 
164
      <group choice="opt">
 
165
        <arg choice="plain"><option>--dir</option>
 
166
        <replaceable>directory</replaceable></arg>
 
167
      </group>
 
168
      <group choice="opt">
 
169
        <arg choice="plain"><option>--name</option>
 
170
        <replaceable>NAME</replaceable></arg>
144
171
      </group>
145
172
    </cmdsynopsis>
146
173
    <cmdsynopsis>
147
174
      <command>&COMMANDNAME;</command>
148
175
      <group choice="req">
 
176
        <arg choice="plain"><option>-h</option></arg>
149
177
        <arg choice="plain"><option>--help</option></arg>
150
 
        <arg choice="plain"><option>-h</option></arg>
151
178
      </group>
152
179
    </cmdsynopsis>
153
180
    <cmdsynopsis>
154
181
      <command>&COMMANDNAME;</command>
155
182
      <group choice="req">
 
183
        <arg choice="plain"><option>-v</option></arg>
156
184
        <arg choice="plain"><option>--version</option></arg>
157
 
        <arg choice="plain"><option>-v</option></arg>
158
185
      </group>
159
186
    </cmdsynopsis>
160
187
  </refsynopsisdiv>
161
 
  
 
188
 
162
189
  <refsect1 id="description">
163
190
    <title>DESCRIPTION</title>
164
191
    <para>
165
192
      <command>&COMMANDNAME;</command> is a program to generate the
166
 
      OpenPGP key used by
167
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
168
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
193
      OpenPGP keys used by
 
194
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
195
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
169
196
      normally written to /etc/mandos for later installation into the
170
 
      initrd image, but this, and most other things, can be changed
171
 
      with command line options.
 
197
      initrd image, but this, like most things, can be changed with
 
198
      command line options.
172
199
    </para>
173
200
    <para>
174
 
      This program can also be used with the
175
 
      <option>--password</option> or <option>--passfile</option>
176
 
      options to generate a ready-made section for
177
 
      <filename>clients.conf</filename> (see
 
201
      It can also be used to generate ready-made sections for
178
202
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
179
 
      <manvolnum>5</manvolnum></citerefentry>).
 
203
      <manvolnum>5</manvolnum></citerefentry> using the
 
204
      <option>--password</option> option.
180
205
    </para>
181
206
  </refsect1>
182
207
  
183
208
  <refsect1 id="purpose">
184
209
    <title>PURPOSE</title>
 
210
 
185
211
    <para>
186
212
      The purpose of this is to enable <emphasis>remote and unattended
187
213
      rebooting</emphasis> of client host computer with an
188
214
      <emphasis>encrypted root file system</emphasis>.  See <xref
189
215
      linkend="overview"/> for details.
190
216
    </para>
 
217
 
191
218
  </refsect1>
192
219
  
193
220
  <refsect1 id="options">
194
221
    <title>OPTIONS</title>
195
 
    
 
222
 
196
223
    <variablelist>
197
224
      <varlistentry>
198
 
        <term><option>--help</option></term>
199
 
        <term><option>-h</option></term>
 
225
        <term><literal>-h</literal>, <literal>--help</literal></term>
200
226
        <listitem>
201
227
          <para>
202
228
            Show a help message and exit
203
229
          </para>
204
230
        </listitem>
205
231
      </varlistentry>
206
 
      
 
232
 
207
233
      <varlistentry>
208
 
        <term><option>--dir
209
 
        <replaceable>DIRECTORY</replaceable></option></term>
210
 
        <term><option>-d
211
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
234
        <term><literal>-d</literal>, <literal>--dir
 
235
        <replaceable>directory</replaceable></literal></term>
212
236
        <listitem>
213
237
          <para>
214
238
            Target directory for key files.  Default is
216
240
          </para>
217
241
        </listitem>
218
242
      </varlistentry>
219
 
      
 
243
 
220
244
      <varlistentry>
221
 
        <term><option>--type
222
 
        <replaceable>TYPE</replaceable></option></term>
223
 
        <term><option>-t
224
 
        <replaceable>TYPE</replaceable></option></term>
 
245
        <term><literal>-t</literal>, <literal>--type
 
246
        <replaceable>type</replaceable></literal></term>
225
247
        <listitem>
226
248
          <para>
227
249
            Key type.  Default is <quote>DSA</quote>.
228
250
          </para>
229
251
        </listitem>
230
252
      </varlistentry>
231
 
      
 
253
 
232
254
      <varlistentry>
233
 
        <term><option>--length
234
 
        <replaceable>BITS</replaceable></option></term>
235
 
        <term><option>-l
236
 
        <replaceable>BITS</replaceable></option></term>
 
255
        <term><literal>-l</literal>, <literal>--length
 
256
        <replaceable>bits</replaceable></literal></term>
237
257
        <listitem>
238
258
          <para>
239
259
            Key length in bits.  Default is 2048.
240
260
          </para>
241
261
        </listitem>
242
262
      </varlistentry>
243
 
      
 
263
 
244
264
      <varlistentry>
245
 
        <term><option>--subtype
246
 
        <replaceable>KEYTYPE</replaceable></option></term>
247
 
        <term><option>-s
248
 
        <replaceable>KEYTYPE</replaceable></option></term>
 
265
        <term><literal>-s</literal>, <literal>--subtype
 
266
        <replaceable>type</replaceable></literal></term>
249
267
        <listitem>
250
268
          <para>
251
269
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
253
271
          </para>
254
272
        </listitem>
255
273
      </varlistentry>
256
 
      
 
274
 
257
275
      <varlistentry>
258
 
        <term><option>--sublength
259
 
        <replaceable>BITS</replaceable></option></term>
260
 
        <term><option>-L
261
 
        <replaceable>BITS</replaceable></option></term>
 
276
        <term><literal>-L</literal>, <literal>--sublength
 
277
        <replaceable>bits</replaceable></literal></term>
262
278
        <listitem>
263
279
          <para>
264
280
            Subkey length in bits.  Default is 2048.
265
281
          </para>
266
282
        </listitem>
267
283
      </varlistentry>
268
 
      
 
284
 
269
285
      <varlistentry>
270
 
        <term><option>--email
271
 
        <replaceable>ADDRESS</replaceable></option></term>
272
 
        <term><option>-e
273
 
        <replaceable>ADDRESS</replaceable></option></term>
 
286
        <term><literal>-e</literal>, <literal>--email</literal>
 
287
        <replaceable>address</replaceable></term>
274
288
        <listitem>
275
289
          <para>
276
290
            Email address of key.  Default is empty.
277
291
          </para>
278
292
        </listitem>
279
293
      </varlistentry>
280
 
      
 
294
 
281
295
      <varlistentry>
282
 
        <term><option>--comment
283
 
        <replaceable>TEXT</replaceable></option></term>
284
 
        <term><option>-c
285
 
        <replaceable>TEXT</replaceable></option></term>
 
296
        <term><literal>-c</literal>, <literal>--comment</literal>
 
297
        <replaceable>comment</replaceable></term>
286
298
        <listitem>
287
299
          <para>
288
300
            Comment field for key.  The default value is
290
302
          </para>
291
303
        </listitem>
292
304
      </varlistentry>
293
 
      
 
305
 
294
306
      <varlistentry>
295
 
        <term><option>--expire
296
 
        <replaceable>TIME</replaceable></option></term>
297
 
        <term><option>-x
298
 
        <replaceable>TIME</replaceable></option></term>
 
307
        <term><literal>-x</literal>, <literal>--expire</literal>
 
308
        <replaceable>time</replaceable></term>
299
309
        <listitem>
300
310
          <para>
301
311
            Key expire time.  Default is no expiration.  See
304
314
          </para>
305
315
        </listitem>
306
316
      </varlistentry>
307
 
      
 
317
 
308
318
      <varlistentry>
309
 
        <term><option>--force</option></term>
310
 
        <term><option>-f</option></term>
 
319
        <term><literal>-f</literal>, <literal>--force</literal></term>
311
320
        <listitem>
312
321
          <para>
313
 
            Force overwriting old key.
 
322
            Force overwriting old keys.
314
323
          </para>
315
324
        </listitem>
316
325
      </varlistentry>
317
326
      <varlistentry>
318
 
        <term><option>--password</option></term>
319
 
        <term><option>-p</option></term>
 
327
        <term><literal>-p</literal>, <literal>--password</literal
 
328
        ></term>
320
329
        <listitem>
321
330
          <para>
322
331
            Prompt for a password and encrypt it with the key already
328
337
            >8</manvolnum></citerefentry>.  The host name or the name
329
338
            specified with the <option>--name</option> option is used
330
339
            for the section header.  All other options are ignored,
331
 
            and no key is created.
332
 
          </para>
333
 
        </listitem>
334
 
      </varlistentry>
335
 
      <varlistentry>
336
 
        <term><option>--passfile
337
 
        <replaceable>FILE</replaceable></option></term>
338
 
        <term><option>-F
339
 
        <replaceable>FILE</replaceable></option></term>
340
 
        <listitem>
341
 
          <para>
342
 
            The same as <option>--password</option>, but read from
343
 
            <replaceable>FILE</replaceable>, not the terminal.
 
340
            and no keys are created.
344
341
          </para>
345
342
        </listitem>
346
343
      </varlistentry>
347
344
    </variablelist>
348
345
  </refsect1>
349
 
  
 
346
 
350
347
  <refsect1 id="overview">
351
348
    <title>OVERVIEW</title>
352
349
    <xi:include href="overview.xml"/>
353
350
    <para>
354
351
      This program is a small utility to generate new OpenPGP keys for
355
 
      new Mandos clients, and to generate sections for inclusion in
356
 
      <filename>clients.conf</filename> on the server.
 
352
      new Mandos clients.
357
353
    </para>
358
354
  </refsect1>
359
 
  
 
355
 
360
356
  <refsect1 id="exit_status">
361
357
    <title>EXIT STATUS</title>
362
358
    <para>
363
 
      The exit status will be 0 if a new key (or password, if the
364
 
      <option>--password</option> option was used) was successfully
365
 
      created, otherwise not.
 
359
      The exit status will be 0 if new keys were successfully created,
 
360
      otherwise not.
366
361
    </para>
367
362
  </refsect1>
368
363
  
370
365
    <title>ENVIRONMENT</title>
371
366
    <variablelist>
372
367
      <varlistentry>
373
 
        <term><envar>TMPDIR</envar></term>
 
368
        <term><varname>TMPDIR</varname></term>
374
369
        <listitem>
375
370
          <para>
376
371
            If set, temporary files will be created here. See
382
377
    </variablelist>
383
378
  </refsect1>
384
379
  
385
 
  <refsect1 id="files">
 
380
  <refsect1 id="file">
386
381
    <title>FILES</title>
387
382
    <para>
388
383
      Use the <option>--dir</option> option to change where
419
414
      </varlistentry>
420
415
    </variablelist>
421
416
  </refsect1>
422
 
  
423
 
<!--   <refsect1 id="bugs"> -->
424
 
<!--     <title>BUGS</title> -->
425
 
<!--     <para> -->
426
 
<!--     </para> -->
427
 
<!--   </refsect1> -->
428
 
  
 
417
 
 
418
  <refsect1 id="bugs">
 
419
    <title>BUGS</title>
 
420
    <para>
 
421
      None are known at this time.
 
422
    </para>
 
423
  </refsect1>
 
424
 
429
425
  <refsect1 id="example">
430
426
    <title>EXAMPLE</title>
431
427
    <informalexample>
433
429
        Normal invocation needs no options:
434
430
      </para>
435
431
      <para>
436
 
        <userinput>&COMMANDNAME;</userinput>
 
432
        <userinput>mandos-keygen</userinput>
437
433
      </para>
438
434
    </informalexample>
439
435
    <informalexample>
440
436
      <para>
441
 
        Create key in another directory and of another type.  Force
 
437
        Create keys in another directory and of another type.  Force
442
438
        overwriting old key files:
443
439
      </para>
444
440
      <para>
445
441
 
446
442
<!-- do not wrap this line -->
447
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
448
 
 
449
 
      </para>
450
 
    </informalexample>
451
 
    <informalexample>
452
 
      <para>
453
 
        Prompt for a password, encrypt it with the key in
454
 
        <filename>/etc/mandos</filename> and output a section suitable
455
 
        for <filename>clients.conf</filename>.
456
 
      </para>
457
 
      <para>
458
 
        <userinput>&COMMANDNAME; --password</userinput>
459
 
      </para>
460
 
    </informalexample>
461
 
    <informalexample>
462
 
      <para>
463
 
        Prompt for a password, encrypt it with the key in the
464
 
        <filename>client-key</filename> directory and output a section
465
 
        suitable for <filename>clients.conf</filename>.
466
 
      </para>
467
 
      <para>
468
 
 
469
 
<!-- do not wrap this line -->
470
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
443
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
471
444
 
472
445
      </para>
473
446
    </informalexample>
474
447
  </refsect1>
475
 
  
 
448
 
476
449
  <refsect1 id="security">
477
450
    <title>SECURITY</title>
478
451
    <para>
479
452
      The <option>--type</option>, <option>--length</option>,
480
453
      <option>--subtype</option>, and <option>--sublength</option>
481
 
      options can be used to create keys of low security.  If in
482
 
      doubt, leave them to the default values.
 
454
      options can be used to create keys of insufficient security.  If
 
455
      in doubt, leave them to the default values.
483
456
    </para>
484
457
    <para>
485
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
486
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
458
      The key expire time is not guaranteed to be honored by
 
459
      <citerefentry><refentrytitle>mandos</refentrytitle>
487
460
      <manvolnum>8</manvolnum></citerefentry>.
488
461
    </para>
489
462
  </refsect1>
490
 
  
 
463
 
491
464
  <refsect1 id="see_also">
492
465
    <title>SEE ALSO</title>
493
466
    <para>
 
467
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
468
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
469
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
470
      <manvolnum>8</manvolnum></citerefentry>,
494
471
      <citerefentry><refentrytitle>gpg</refentrytitle>
495
 
      <manvolnum>1</manvolnum></citerefentry>,
496
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
497
 
      <manvolnum>5</manvolnum></citerefentry>,
498
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
499
 
      <manvolnum>8</manvolnum></citerefentry>,
500
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
501
 
      <manvolnum>8mandos</manvolnum></citerefentry>
 
472
      <manvolnum>1</manvolnum></citerefentry>
502
473
    </para>
503
474
  </refsect1>
504
475
  
505
476
</refentry>
506
 
<!-- Local Variables: -->
507
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
508
 
<!-- time-stamp-end: "[\"']>" -->
509
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
510
 
<!-- End: -->