/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-29 06:38:27 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080829063827-hbjl6t92tyjl5305
* mandos-clients.conf.xml (ENTITY TIMESTAMP): New.  Automatically
                                              updated by Emacs
                                              time-stamp by using
                                              Emacs local variables.
  (/refentry/refentryinfo/date): New; set to "&TIMESTAMP;".
* mandos-keygen.xml: - '' -
* mandos.conf.xml: - '' -
* mandos.xml: - '' -
* plugin-runner.xml: - '' -
* plugins.d/password-request.xml: - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2011-08-08">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-08-29">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
10
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
11
    <title>&COMMANDNAME;</title>
13
12
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
13
    <productname>&COMMANDNAME;</productname>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
32
31
    </authorgroup>
33
32
    <copyright>
34
33
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2011</year>
37
34
      <holder>Teddy Hogeborn</holder>
38
35
      <holder>Björn Påhlsson</holder>
39
36
    </copyright>
40
 
    <xi:include href="legalnotice.xml"/>
 
37
    <legalnotice>
 
38
      <para>
 
39
        This manual page is free software: you can redistribute it
 
40
        and/or modify it under the terms of the GNU General Public
 
41
        License as published by the Free Software Foundation,
 
42
        either version 3 of the License, or (at your option) any
 
43
        later version.
 
44
      </para>
 
45
 
 
46
      <para>
 
47
        This manual page is distributed in the hope that it will
 
48
        be useful, but WITHOUT ANY WARRANTY; without even the
 
49
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
50
        PARTICULAR PURPOSE.  See the GNU General Public License
 
51
        for more details.
 
52
      </para>
 
53
 
 
54
      <para>
 
55
        You should have received a copy of the GNU General Public
 
56
        License along with this program; If not, see
 
57
        <ulink url="http://www.gnu.org/licenses/"/>.
 
58
      </para>
 
59
    </legalnotice>
41
60
  </refentryinfo>
42
 
  
 
61
 
43
62
  <refmeta>
44
63
    <refentrytitle>&COMMANDNAME;</refentrytitle>
45
64
    <manvolnum>8</manvolnum>
48
67
  <refnamediv>
49
68
    <refname><command>&COMMANDNAME;</command></refname>
50
69
    <refpurpose>
51
 
      Generate key and password for Mandos client and server.
 
70
      Generate keys for <citerefentry><refentrytitle>password-request
 
71
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
52
72
    </refpurpose>
53
73
  </refnamediv>
54
 
  
 
74
 
55
75
  <refsynopsisdiv>
56
76
    <cmdsynopsis>
57
77
      <command>&COMMANDNAME;</command>
58
 
      <group>
59
 
        <arg choice="plain"><option>--dir
60
 
        <replaceable>DIRECTORY</replaceable></option></arg>
61
 
        <arg choice="plain"><option>-d
62
 
        <replaceable>DIRECTORY</replaceable></option></arg>
63
 
      </group>
64
 
      <sbr/>
65
 
      <group>
66
 
        <arg choice="plain"><option>--type
67
 
        <replaceable>KEYTYPE</replaceable></option></arg>
68
 
        <arg choice="plain"><option>-t
69
 
        <replaceable>KEYTYPE</replaceable></option></arg>
70
 
      </group>
71
 
      <sbr/>
72
 
      <group>
73
 
        <arg choice="plain"><option>--length
74
 
        <replaceable>BITS</replaceable></option></arg>
75
 
        <arg choice="plain"><option>-l
76
 
        <replaceable>BITS</replaceable></option></arg>
77
 
      </group>
78
 
      <sbr/>
79
 
      <group>
80
 
        <arg choice="plain"><option>--subtype
81
 
        <replaceable>KEYTYPE</replaceable></option></arg>
82
 
        <arg choice="plain"><option>-s
83
 
        <replaceable>KEYTYPE</replaceable></option></arg>
84
 
      </group>
85
 
      <sbr/>
86
 
      <group>
87
 
        <arg choice="plain"><option>--sublength
88
 
        <replaceable>BITS</replaceable></option></arg>
89
 
        <arg choice="plain"><option>-L
90
 
        <replaceable>BITS</replaceable></option></arg>
91
 
      </group>
92
 
      <sbr/>
93
 
      <group>
94
 
        <arg choice="plain"><option>--name
95
 
        <replaceable>NAME</replaceable></option></arg>
96
 
        <arg choice="plain"><option>-n
97
 
        <replaceable>NAME</replaceable></option></arg>
98
 
      </group>
99
 
      <sbr/>
100
 
      <group>
101
 
        <arg choice="plain"><option>--email
102
 
        <replaceable>ADDRESS</replaceable></option></arg>
103
 
        <arg choice="plain"><option>-e
104
 
        <replaceable>ADDRESS</replaceable></option></arg>
105
 
      </group>
106
 
      <sbr/>
107
 
      <group>
108
 
        <arg choice="plain"><option>--comment
109
 
        <replaceable>TEXT</replaceable></option></arg>
110
 
        <arg choice="plain"><option>-c
111
 
        <replaceable>TEXT</replaceable></option></arg>
112
 
      </group>
113
 
      <sbr/>
114
 
      <group>
115
 
        <arg choice="plain"><option>--expire
116
 
        <replaceable>TIME</replaceable></option></arg>
117
 
        <arg choice="plain"><option>-x
118
 
        <replaceable>TIME</replaceable></option></arg>
119
 
      </group>
120
 
      <sbr/>
121
 
      <arg><option>--force</option></arg>
 
78
      <group choice="opt">
 
79
        <arg choice="plain"><option>--dir</option>
 
80
        <replaceable>directory</replaceable></arg>
 
81
      </group>
 
82
      <group choice="opt">
 
83
        <arg choice="plain"><option>--type</option>
 
84
        <replaceable>type</replaceable></arg>
 
85
      </group>
 
86
      <group choice="opt">
 
87
        <arg choice="plain"><option>--length</option>
 
88
        <replaceable>bits</replaceable></arg>
 
89
      </group>
 
90
      <group choice="opt">
 
91
        <arg choice="plain"><option>--subtype</option>
 
92
        <replaceable>type</replaceable></arg>
 
93
      </group>
 
94
      <group choice="opt">
 
95
        <arg choice="plain"><option>--sublength</option>
 
96
        <replaceable>bits</replaceable></arg>
 
97
      </group>
 
98
      <group choice="opt">
 
99
        <arg choice="plain"><option>--name</option>
 
100
        <replaceable>NAME</replaceable></arg>
 
101
      </group>
 
102
      <group choice="opt">
 
103
        <arg choice="plain"><option>--email</option>
 
104
        <replaceable>EMAIL</replaceable></arg>
 
105
      </group>
 
106
      <group choice="opt">
 
107
        <arg choice="plain"><option>--comment</option>
 
108
        <replaceable>COMMENT</replaceable></arg>
 
109
      </group>
 
110
      <group choice="opt">
 
111
        <arg choice="plain"><option>--expire</option>
 
112
        <replaceable>TIME</replaceable></arg>
 
113
      </group>
 
114
      <group choice="opt">
 
115
        <arg choice="plain"><option>--force</option></arg>
 
116
      </group>
 
117
    </cmdsynopsis>
 
118
    <cmdsynopsis>
 
119
      <command>&COMMANDNAME;</command>
 
120
      <group choice="opt">
 
121
        <arg choice="plain"><option>-d</option>
 
122
        <replaceable>directory</replaceable></arg>
 
123
      </group>
 
124
      <group choice="opt">
 
125
        <arg choice="plain"><option>-t</option>
 
126
        <replaceable>type</replaceable></arg>
 
127
      </group>
 
128
      <group choice="opt">
 
129
        <arg choice="plain"><option>-l</option>
 
130
        <replaceable>bits</replaceable></arg>
 
131
      </group>
 
132
      <group choice="opt">
 
133
        <arg choice="plain"><option>-s</option>
 
134
        <replaceable>type</replaceable></arg>
 
135
      </group>
 
136
      <group choice="opt">
 
137
        <arg choice="plain"><option>-L</option>
 
138
        <replaceable>bits</replaceable></arg>
 
139
      </group>
 
140
      <group choice="opt">
 
141
        <arg choice="plain"><option>-n</option>
 
142
        <replaceable>NAME</replaceable></arg>
 
143
      </group>
 
144
      <group choice="opt">
 
145
        <arg choice="plain"><option>-e</option>
 
146
        <replaceable>EMAIL</replaceable></arg>
 
147
      </group>
 
148
      <group choice="opt">
 
149
        <arg choice="plain"><option>-c</option>
 
150
        <replaceable>COMMENT</replaceable></arg>
 
151
      </group>
 
152
      <group choice="opt">
 
153
        <arg choice="plain"><option>-x</option>
 
154
        <replaceable>TIME</replaceable></arg>
 
155
      </group>
 
156
      <group choice="opt">
 
157
        <arg choice="plain"><option>-f</option></arg>
 
158
      </group>
122
159
    </cmdsynopsis>
123
160
    <cmdsynopsis>
124
161
      <command>&COMMANDNAME;</command>
125
162
      <group choice="req">
 
163
        <arg choice="plain"><option>-p</option></arg>
126
164
        <arg choice="plain"><option>--password</option></arg>
127
 
        <arg choice="plain"><option>-p</option></arg>
128
 
        <arg choice="plain"><option>--passfile
129
 
        <replaceable>FILE</replaceable></option></arg>
130
 
        <arg choice="plain"><option>-F</option>
131
 
        <replaceable>FILE</replaceable></arg>
132
 
      </group>
133
 
      <sbr/>
134
 
      <group>
135
 
        <arg choice="plain"><option>--dir
136
 
        <replaceable>DIRECTORY</replaceable></option></arg>
137
 
        <arg choice="plain"><option>-d
138
 
        <replaceable>DIRECTORY</replaceable></option></arg>
139
 
      </group>
140
 
      <sbr/>
141
 
      <group>
142
 
        <arg choice="plain"><option>--name
143
 
        <replaceable>NAME</replaceable></option></arg>
144
 
        <arg choice="plain"><option>-n
145
 
        <replaceable>NAME</replaceable></option></arg>
 
165
      </group>
 
166
      <group choice="opt">
 
167
        <arg choice="plain"><option>--dir</option>
 
168
        <replaceable>directory</replaceable></arg>
 
169
      </group>
 
170
      <group choice="opt">
 
171
        <arg choice="plain"><option>--name</option>
 
172
        <replaceable>NAME</replaceable></arg>
146
173
      </group>
147
174
    </cmdsynopsis>
148
175
    <cmdsynopsis>
149
176
      <command>&COMMANDNAME;</command>
150
177
      <group choice="req">
 
178
        <arg choice="plain"><option>-h</option></arg>
151
179
        <arg choice="plain"><option>--help</option></arg>
152
 
        <arg choice="plain"><option>-h</option></arg>
153
180
      </group>
154
181
    </cmdsynopsis>
155
182
    <cmdsynopsis>
156
183
      <command>&COMMANDNAME;</command>
157
184
      <group choice="req">
 
185
        <arg choice="plain"><option>-v</option></arg>
158
186
        <arg choice="plain"><option>--version</option></arg>
159
 
        <arg choice="plain"><option>-v</option></arg>
160
187
      </group>
161
188
    </cmdsynopsis>
162
189
  </refsynopsisdiv>
163
 
  
 
190
 
164
191
  <refsect1 id="description">
165
192
    <title>DESCRIPTION</title>
166
193
    <para>
167
194
      <command>&COMMANDNAME;</command> is a program to generate the
168
 
      OpenPGP key used by
169
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
170
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
195
      OpenPGP keys used by
 
196
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
197
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
171
198
      normally written to /etc/mandos for later installation into the
172
 
      initrd image, but this, and most other things, can be changed
173
 
      with command line options.
 
199
      initrd image, but this, like most things, can be changed with
 
200
      command line options.
174
201
    </para>
175
202
    <para>
176
 
      This program can also be used with the
177
 
      <option>--password</option> or <option>--passfile</option>
178
 
      options to generate a ready-made section for
179
 
      <filename>clients.conf</filename> (see
 
203
      It can also be used to generate ready-made sections for
180
204
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
181
 
      <manvolnum>5</manvolnum></citerefentry>).
 
205
      <manvolnum>5</manvolnum></citerefentry> using the
 
206
      <option>--password</option> option.
182
207
    </para>
183
208
  </refsect1>
184
209
  
185
210
  <refsect1 id="purpose">
186
211
    <title>PURPOSE</title>
 
212
 
187
213
    <para>
188
214
      The purpose of this is to enable <emphasis>remote and unattended
189
215
      rebooting</emphasis> of client host computer with an
190
216
      <emphasis>encrypted root file system</emphasis>.  See <xref
191
217
      linkend="overview"/> for details.
192
218
    </para>
 
219
 
193
220
  </refsect1>
194
221
  
195
222
  <refsect1 id="options">
196
223
    <title>OPTIONS</title>
197
 
    
 
224
 
198
225
    <variablelist>
199
226
      <varlistentry>
200
 
        <term><option>--help</option></term>
201
 
        <term><option>-h</option></term>
 
227
        <term><literal>-h</literal>, <literal>--help</literal></term>
202
228
        <listitem>
203
229
          <para>
204
230
            Show a help message and exit
205
231
          </para>
206
232
        </listitem>
207
233
      </varlistentry>
208
 
      
 
234
 
209
235
      <varlistentry>
210
 
        <term><option>--dir
211
 
        <replaceable>DIRECTORY</replaceable></option></term>
212
 
        <term><option>-d
213
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
236
        <term><literal>-d</literal>, <literal>--dir
 
237
        <replaceable>directory</replaceable></literal></term>
214
238
        <listitem>
215
239
          <para>
216
240
            Target directory for key files.  Default is
218
242
          </para>
219
243
        </listitem>
220
244
      </varlistentry>
221
 
      
 
245
 
222
246
      <varlistentry>
223
 
        <term><option>--type
224
 
        <replaceable>TYPE</replaceable></option></term>
225
 
        <term><option>-t
226
 
        <replaceable>TYPE</replaceable></option></term>
 
247
        <term><literal>-t</literal>, <literal>--type
 
248
        <replaceable>type</replaceable></literal></term>
227
249
        <listitem>
228
250
          <para>
229
251
            Key type.  Default is <quote>DSA</quote>.
230
252
          </para>
231
253
        </listitem>
232
254
      </varlistentry>
233
 
      
 
255
 
234
256
      <varlistentry>
235
 
        <term><option>--length
236
 
        <replaceable>BITS</replaceable></option></term>
237
 
        <term><option>-l
238
 
        <replaceable>BITS</replaceable></option></term>
 
257
        <term><literal>-l</literal>, <literal>--length
 
258
        <replaceable>bits</replaceable></literal></term>
239
259
        <listitem>
240
260
          <para>
241
261
            Key length in bits.  Default is 2048.
242
262
          </para>
243
263
        </listitem>
244
264
      </varlistentry>
245
 
      
 
265
 
246
266
      <varlistentry>
247
 
        <term><option>--subtype
248
 
        <replaceable>KEYTYPE</replaceable></option></term>
249
 
        <term><option>-s
250
 
        <replaceable>KEYTYPE</replaceable></option></term>
 
267
        <term><literal>-s</literal>, <literal>--subtype
 
268
        <replaceable>type</replaceable></literal></term>
251
269
        <listitem>
252
270
          <para>
253
271
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
255
273
          </para>
256
274
        </listitem>
257
275
      </varlistentry>
258
 
      
 
276
 
259
277
      <varlistentry>
260
 
        <term><option>--sublength
261
 
        <replaceable>BITS</replaceable></option></term>
262
 
        <term><option>-L
263
 
        <replaceable>BITS</replaceable></option></term>
 
278
        <term><literal>-L</literal>, <literal>--sublength
 
279
        <replaceable>bits</replaceable></literal></term>
264
280
        <listitem>
265
281
          <para>
266
282
            Subkey length in bits.  Default is 2048.
267
283
          </para>
268
284
        </listitem>
269
285
      </varlistentry>
270
 
      
 
286
 
271
287
      <varlistentry>
272
 
        <term><option>--email
273
 
        <replaceable>ADDRESS</replaceable></option></term>
274
 
        <term><option>-e
275
 
        <replaceable>ADDRESS</replaceable></option></term>
 
288
        <term><literal>-e</literal>, <literal>--email</literal>
 
289
        <replaceable>address</replaceable></term>
276
290
        <listitem>
277
291
          <para>
278
292
            Email address of key.  Default is empty.
279
293
          </para>
280
294
        </listitem>
281
295
      </varlistentry>
282
 
      
 
296
 
283
297
      <varlistentry>
284
 
        <term><option>--comment
285
 
        <replaceable>TEXT</replaceable></option></term>
286
 
        <term><option>-c
287
 
        <replaceable>TEXT</replaceable></option></term>
 
298
        <term><literal>-c</literal>, <literal>--comment</literal>
 
299
        <replaceable>comment</replaceable></term>
288
300
        <listitem>
289
301
          <para>
290
302
            Comment field for key.  The default value is
292
304
          </para>
293
305
        </listitem>
294
306
      </varlistentry>
295
 
      
 
307
 
296
308
      <varlistentry>
297
 
        <term><option>--expire
298
 
        <replaceable>TIME</replaceable></option></term>
299
 
        <term><option>-x
300
 
        <replaceable>TIME</replaceable></option></term>
 
309
        <term><literal>-x</literal>, <literal>--expire</literal>
 
310
        <replaceable>time</replaceable></term>
301
311
        <listitem>
302
312
          <para>
303
313
            Key expire time.  Default is no expiration.  See
306
316
          </para>
307
317
        </listitem>
308
318
      </varlistentry>
309
 
      
 
319
 
310
320
      <varlistentry>
311
 
        <term><option>--force</option></term>
312
 
        <term><option>-f</option></term>
 
321
        <term><literal>-f</literal>, <literal>--force</literal></term>
313
322
        <listitem>
314
323
          <para>
315
 
            Force overwriting old key.
 
324
            Force overwriting old keys.
316
325
          </para>
317
326
        </listitem>
318
327
      </varlistentry>
319
328
      <varlistentry>
320
 
        <term><option>--password</option></term>
321
 
        <term><option>-p</option></term>
 
329
        <term><literal>-p</literal>, <literal>--password</literal
 
330
        ></term>
322
331
        <listitem>
323
332
          <para>
324
333
            Prompt for a password and encrypt it with the key already
330
339
            >8</manvolnum></citerefentry>.  The host name or the name
331
340
            specified with the <option>--name</option> option is used
332
341
            for the section header.  All other options are ignored,
333
 
            and no key is created.
334
 
          </para>
335
 
        </listitem>
336
 
      </varlistentry>
337
 
      <varlistentry>
338
 
        <term><option>--passfile
339
 
        <replaceable>FILE</replaceable></option></term>
340
 
        <term><option>-F
341
 
        <replaceable>FILE</replaceable></option></term>
342
 
        <listitem>
343
 
          <para>
344
 
            The same as <option>--password</option>, but read from
345
 
            <replaceable>FILE</replaceable>, not the terminal.
 
342
            and no keys are created.
346
343
          </para>
347
344
        </listitem>
348
345
      </varlistentry>
349
346
    </variablelist>
350
347
  </refsect1>
351
 
  
 
348
 
352
349
  <refsect1 id="overview">
353
350
    <title>OVERVIEW</title>
354
351
    <xi:include href="overview.xml"/>
355
352
    <para>
356
353
      This program is a small utility to generate new OpenPGP keys for
357
 
      new Mandos clients, and to generate sections for inclusion in
358
 
      <filename>clients.conf</filename> on the server.
 
354
      new Mandos clients.
359
355
    </para>
360
356
  </refsect1>
361
 
  
 
357
 
362
358
  <refsect1 id="exit_status">
363
359
    <title>EXIT STATUS</title>
364
360
    <para>
365
 
      The exit status will be 0 if a new key (or password, if the
366
 
      <option>--password</option> option was used) was successfully
367
 
      created, otherwise not.
 
361
      The exit status will be 0 if new keys were successfully created,
 
362
      otherwise not.
368
363
    </para>
369
364
  </refsect1>
370
365
  
372
367
    <title>ENVIRONMENT</title>
373
368
    <variablelist>
374
369
      <varlistentry>
375
 
        <term><envar>TMPDIR</envar></term>
 
370
        <term><varname>TMPDIR</varname></term>
376
371
        <listitem>
377
372
          <para>
378
373
            If set, temporary files will be created here. See
384
379
    </variablelist>
385
380
  </refsect1>
386
381
  
387
 
  <refsect1 id="files">
 
382
  <refsect1 id="file">
388
383
    <title>FILES</title>
389
384
    <para>
390
385
      Use the <option>--dir</option> option to change where
421
416
      </varlistentry>
422
417
    </variablelist>
423
418
  </refsect1>
424
 
  
425
 
<!--   <refsect1 id="bugs"> -->
426
 
<!--     <title>BUGS</title> -->
427
 
<!--     <para> -->
428
 
<!--     </para> -->
429
 
<!--   </refsect1> -->
430
 
  
 
419
 
 
420
  <refsect1 id="bugs">
 
421
    <title>BUGS</title>
 
422
    <para>
 
423
      None are known at this time.
 
424
    </para>
 
425
  </refsect1>
 
426
 
431
427
  <refsect1 id="example">
432
428
    <title>EXAMPLE</title>
433
429
    <informalexample>
435
431
        Normal invocation needs no options:
436
432
      </para>
437
433
      <para>
438
 
        <userinput>&COMMANDNAME;</userinput>
 
434
        <userinput>mandos-keygen</userinput>
439
435
      </para>
440
436
    </informalexample>
441
437
    <informalexample>
442
438
      <para>
443
 
        Create key in another directory and of another type.  Force
 
439
        Create keys in another directory and of another type.  Force
444
440
        overwriting old key files:
445
441
      </para>
446
442
      <para>
447
443
 
448
444
<!-- do not wrap this line -->
449
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
450
 
 
451
 
      </para>
452
 
    </informalexample>
453
 
    <informalexample>
454
 
      <para>
455
 
        Prompt for a password, encrypt it with the key in
456
 
        <filename>/etc/mandos</filename> and output a section suitable
457
 
        for <filename>clients.conf</filename>.
458
 
      </para>
459
 
      <para>
460
 
        <userinput>&COMMANDNAME; --password</userinput>
461
 
      </para>
462
 
    </informalexample>
463
 
    <informalexample>
464
 
      <para>
465
 
        Prompt for a password, encrypt it with the key in the
466
 
        <filename>client-key</filename> directory and output a section
467
 
        suitable for <filename>clients.conf</filename>.
468
 
      </para>
469
 
      <para>
470
 
 
471
 
<!-- do not wrap this line -->
472
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
445
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
473
446
 
474
447
      </para>
475
448
    </informalexample>
476
449
  </refsect1>
477
 
  
 
450
 
478
451
  <refsect1 id="security">
479
452
    <title>SECURITY</title>
480
453
    <para>
481
454
      The <option>--type</option>, <option>--length</option>,
482
455
      <option>--subtype</option>, and <option>--sublength</option>
483
 
      options can be used to create keys of low security.  If in
484
 
      doubt, leave them to the default values.
 
456
      options can be used to create keys of insufficient security.  If
 
457
      in doubt, leave them to the default values.
485
458
    </para>
486
459
    <para>
487
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
488
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
460
      The key expire time is not guaranteed to be honored by
 
461
      <citerefentry><refentrytitle>mandos</refentrytitle>
489
462
      <manvolnum>8</manvolnum></citerefentry>.
490
463
    </para>
491
464
  </refsect1>
492
 
  
 
465
 
493
466
  <refsect1 id="see_also">
494
467
    <title>SEE ALSO</title>
495
468
    <para>
496
 
      <citerefentry><refentrytitle>intro</refentrytitle>
 
469
      <citerefentry><refentrytitle>password-request</refentrytitle>
497
470
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
471
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
472
      <manvolnum>8</manvolnum></citerefentry>,
498
473
      <citerefentry><refentrytitle>gpg</refentrytitle>
499
 
      <manvolnum>1</manvolnum></citerefentry>,
500
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
501
 
      <manvolnum>5</manvolnum></citerefentry>,
502
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
503
 
      <manvolnum>8</manvolnum></citerefentry>,
504
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
505
 
      <manvolnum>8mandos</manvolnum></citerefentry>
 
474
      <manvolnum>1</manvolnum></citerefentry>
506
475
    </para>
507
476
  </refsect1>
508
477