/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen

  • Committer: Teddy Hogeborn
  • Date: 2008-09-03 17:34:29 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080903173429-db2mjtddf7mgbx8z
* plugins.d/password-request.xml (OVERVIEW): Refer to
                                             password-prompt(8) by
                                             name.
  (SECURITY): Improved wording.  Add paragraph about insecurity of
              ping.
  (SEE ALSO): Add references to cryptsetup(8) and crypttab(5).
              Changed to be a <variablelist> and added text.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos-keygen
24
24
 
25
25
KEYDIR="/etc/mandos"
26
26
KEYTYPE=DSA
27
 
KEYLENGTH=1024
 
27
KEYLENGTH=2048
28
28
SUBKEYTYPE=ELG-E
29
29
SUBKEYLENGTH=2048
30
30
KEYNAME="`hostname --fqdn`"
56
56
  -d DIR, --dir DIR     Target directory for key files
57
57
  -t TYPE, --type TYPE  Key type.  Default is DSA.
58
58
  -l BITS, --length BITS
59
 
                        Key length in bits.  Default is 1024.
 
59
                        Key length in bits.  Default is 2048.
60
60
  -s TYPE, --subtype TYPE
61
61
                        Subkey type.  Default is ELG-E.
62
62
  -L BITS, --sublength BITS
64
64
  -n NAME, --name NAME  Name of key.  Default is the FQDN.
65
65
  -e ADDRESS, --email ADDRESS
66
66
                        Email address of key.  Default is empty.
67
 
  -c COMMENT, --comment COMMENT
 
67
  -c TEXT, --comment TEXT
68
68
                        Comment field for key.  The default value is
69
69
                        "Mandos client key".
70
70
  -x TIME, --expire TIME
75
75
Password creation options:
76
76
  -p, --password        Create an encrypted password using the keys in
77
77
                        the key directory.  All options other than
78
 
                        --keydir and --name are ignored.
 
78
                        --dir and --name are ignored.
79
79
EOF
80
80
}
81
81
 
293
293
    
294
294
    cat <<-EOF
295
295
        [$KEYNAME]
 
296
        host = $KEYNAME
296
297
        fingerprint = $FINGERPRINT
297
298
        secret =
298
299
EOF
299
300
    sed -n -e '
300
301
        /^-----BEGIN PGP MESSAGE-----$/,/^-----END PGP MESSAGE-----$/{
301
302
            /^$/,${
 
303
                # Remove 24-bit Radix-64 checksum
 
304
                s/=....$//
302
305
                # Indent four spaces
303
306
                /^[^-]/s/^/    /p
304
307
            }