/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-27 09:23:56 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150727092356-65ul6jsiozlkjw4e
Debian bug fix for mandos-client: Remove dhparams.pem on purge.

* debian/mandos-client.postrm (purge): Bug fix: Remove dhparams.pem.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "mandos-keygen">
 
5
<!ENTITY TIMESTAMP "2015-07-20">
 
6
<!ENTITY % common SYSTEM "common.ent">
 
7
%common;
6
8
]>
7
9
 
8
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
9
11
  <refentryinfo>
10
 
    <title>&COMMANDNAME;</title>
 
12
    <title>Mandos Manual</title>
11
13
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
12
 
    <productname>&COMMANDNAME;</productname>
13
 
    <productnumber>&VERSION;</productnumber>
 
14
    <productname>Mandos</productname>
 
15
    <productnumber>&version;</productnumber>
 
16
    <date>&TIMESTAMP;</date>
14
17
    <authorgroup>
15
18
      <author>
16
19
        <firstname>Björn</firstname>
17
20
        <surname>Påhlsson</surname>
18
21
        <address>
19
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
20
23
        </address>
21
24
      </author>
22
25
      <author>
23
26
        <firstname>Teddy</firstname>
24
27
        <surname>Hogeborn</surname>
25
28
        <address>
26
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
27
30
        </address>
28
31
      </author>
29
32
    </authorgroup>
30
33
    <copyright>
31
34
      <year>2008</year>
 
35
      <year>2009</year>
 
36
      <year>2010</year>
 
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
32
42
      <holder>Teddy Hogeborn</holder>
33
43
      <holder>Björn Påhlsson</holder>
34
44
    </copyright>
35
 
    <legalnotice>
36
 
      <para>
37
 
        This manual page is free software: you can redistribute it
38
 
        and/or modify it under the terms of the GNU General Public
39
 
        License as published by the Free Software Foundation,
40
 
        either version 3 of the License, or (at your option) any
41
 
        later version.
42
 
      </para>
43
 
 
44
 
      <para>
45
 
        This manual page is distributed in the hope that it will
46
 
        be useful, but WITHOUT ANY WARRANTY; without even the
47
 
        implied warranty of MERCHANTABILITY or FITNESS FOR A
48
 
        PARTICULAR PURPOSE.  See the GNU General Public License
49
 
        for more details.
50
 
      </para>
51
 
 
52
 
      <para>
53
 
        You should have received a copy of the GNU General Public
54
 
        License along with this program; If not, see
55
 
        <ulink url="http://www.gnu.org/licenses/"/>.
56
 
      </para>
57
 
    </legalnotice>
 
45
    <xi:include href="legalnotice.xml"/>
58
46
  </refentryinfo>
59
 
 
 
47
  
60
48
  <refmeta>
61
49
    <refentrytitle>&COMMANDNAME;</refentrytitle>
62
50
    <manvolnum>8</manvolnum>
65
53
  <refnamediv>
66
54
    <refname><command>&COMMANDNAME;</command></refname>
67
55
    <refpurpose>
68
 
      Generate keys for <citerefentry><refentrytitle>password-request
69
 
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
 
56
      Generate key and password for Mandos client and server.
70
57
    </refpurpose>
71
58
  </refnamediv>
72
 
 
 
59
  
73
60
  <refsynopsisdiv>
74
61
    <cmdsynopsis>
75
62
      <command>&COMMANDNAME;</command>
76
 
      <group choice="opt">
77
 
        <arg choice="plain"><option>--dir</option>
78
 
        <replaceable>directory</replaceable></arg>
79
 
      </group>
80
 
      <group choice="opt">
81
 
        <arg choice="plain"><option>--type</option>
82
 
        <replaceable>type</replaceable></arg>
83
 
      </group>
84
 
      <group choice="opt">
85
 
        <arg choice="plain"><option>--length</option>
86
 
        <replaceable>bits</replaceable></arg>
87
 
      </group>
88
 
      <group choice="opt">
89
 
        <arg choice="plain"><option>--subtype</option>
90
 
        <replaceable>type</replaceable></arg>
91
 
      </group>
92
 
      <group choice="opt">
93
 
        <arg choice="plain"><option>--sublength</option>
94
 
        <replaceable>bits</replaceable></arg>
95
 
      </group>
96
 
      <group choice="opt">
97
 
        <arg choice="plain"><option>--name</option>
98
 
        <replaceable>NAME</replaceable></arg>
99
 
      </group>
100
 
      <group choice="opt">
101
 
        <arg choice="plain"><option>--email</option>
102
 
        <replaceable>EMAIL</replaceable></arg>
103
 
      </group>
104
 
      <group choice="opt">
105
 
        <arg choice="plain"><option>--comment</option>
106
 
        <replaceable>COMMENT</replaceable></arg>
107
 
      </group>
108
 
      <group choice="opt">
109
 
        <arg choice="plain"><option>--expire</option>
110
 
        <replaceable>TIME</replaceable></arg>
111
 
      </group>
112
 
      <group choice="opt">
 
63
      <group>
 
64
        <arg choice="plain"><option>--dir
 
65
        <replaceable>DIRECTORY</replaceable></option></arg>
 
66
        <arg choice="plain"><option>-d
 
67
        <replaceable>DIRECTORY</replaceable></option></arg>
 
68
      </group>
 
69
      <sbr/>
 
70
      <group>
 
71
        <arg choice="plain"><option>--type
 
72
        <replaceable>KEYTYPE</replaceable></option></arg>
 
73
        <arg choice="plain"><option>-t
 
74
        <replaceable>KEYTYPE</replaceable></option></arg>
 
75
      </group>
 
76
      <sbr/>
 
77
      <group>
 
78
        <arg choice="plain"><option>--length
 
79
        <replaceable>BITS</replaceable></option></arg>
 
80
        <arg choice="plain"><option>-l
 
81
        <replaceable>BITS</replaceable></option></arg>
 
82
      </group>
 
83
      <sbr/>
 
84
      <group>
 
85
        <arg choice="plain"><option>--subtype
 
86
        <replaceable>KEYTYPE</replaceable></option></arg>
 
87
        <arg choice="plain"><option>-s
 
88
        <replaceable>KEYTYPE</replaceable></option></arg>
 
89
      </group>
 
90
      <sbr/>
 
91
      <group>
 
92
        <arg choice="plain"><option>--sublength
 
93
        <replaceable>BITS</replaceable></option></arg>
 
94
        <arg choice="plain"><option>-L
 
95
        <replaceable>BITS</replaceable></option></arg>
 
96
      </group>
 
97
      <sbr/>
 
98
      <group>
 
99
        <arg choice="plain"><option>--name
 
100
        <replaceable>NAME</replaceable></option></arg>
 
101
        <arg choice="plain"><option>-n
 
102
        <replaceable>NAME</replaceable></option></arg>
 
103
      </group>
 
104
      <sbr/>
 
105
      <group>
 
106
        <arg choice="plain"><option>--email
 
107
        <replaceable>ADDRESS</replaceable></option></arg>
 
108
        <arg choice="plain"><option>-e
 
109
        <replaceable>ADDRESS</replaceable></option></arg>
 
110
      </group>
 
111
      <sbr/>
 
112
      <group>
 
113
        <arg choice="plain"><option>--comment
 
114
        <replaceable>TEXT</replaceable></option></arg>
 
115
        <arg choice="plain"><option>-c
 
116
        <replaceable>TEXT</replaceable></option></arg>
 
117
      </group>
 
118
      <sbr/>
 
119
      <group>
 
120
        <arg choice="plain"><option>--expire
 
121
        <replaceable>TIME</replaceable></option></arg>
 
122
        <arg choice="plain"><option>-x
 
123
        <replaceable>TIME</replaceable></option></arg>
 
124
      </group>
 
125
      <sbr/>
 
126
      <group>
113
127
        <arg choice="plain"><option>--force</option></arg>
114
 
      </group>
115
 
    </cmdsynopsis>
116
 
    <cmdsynopsis>
117
 
      <command>&COMMANDNAME;</command>
118
 
      <group choice="opt">
119
 
        <arg choice="plain"><option>-d</option>
120
 
        <replaceable>directory</replaceable></arg>
121
 
      </group>
122
 
      <group choice="opt">
123
 
        <arg choice="plain"><option>-t</option>
124
 
        <replaceable>type</replaceable></arg>
125
 
      </group>
126
 
      <group choice="opt">
127
 
        <arg choice="plain"><option>-l</option>
128
 
        <replaceable>bits</replaceable></arg>
129
 
      </group>
130
 
      <group choice="opt">
131
 
        <arg choice="plain"><option>-s</option>
132
 
        <replaceable>type</replaceable></arg>
133
 
      </group>
134
 
      <group choice="opt">
135
 
        <arg choice="plain"><option>-L</option>
136
 
        <replaceable>bits</replaceable></arg>
137
 
      </group>
138
 
      <group choice="opt">
139
 
        <arg choice="plain"><option>-n</option>
140
 
        <replaceable>NAME</replaceable></arg>
141
 
      </group>
142
 
      <group choice="opt">
143
 
        <arg choice="plain"><option>-e</option>
144
 
        <replaceable>EMAIL</replaceable></arg>
145
 
      </group>
146
 
      <group choice="opt">
147
 
        <arg choice="plain"><option>-c</option>
148
 
        <replaceable>COMMENT</replaceable></arg>
149
 
      </group>
150
 
      <group choice="opt">
151
 
        <arg choice="plain"><option>-x</option>
152
 
        <replaceable>TIME</replaceable></arg>
153
 
      </group>
154
 
      <group choice="opt">
155
128
        <arg choice="plain"><option>-f</option></arg>
156
129
      </group>
157
130
    </cmdsynopsis>
158
131
    <cmdsynopsis>
159
132
      <command>&COMMANDNAME;</command>
160
133
      <group choice="req">
 
134
        <arg choice="plain"><option>--password</option></arg>
 
135
        <arg choice="plain"><option>-p</option></arg>
 
136
        <arg choice="plain"><option>--passfile
 
137
        <replaceable>FILE</replaceable></option></arg>
 
138
        <arg choice="plain"><option>-F</option>
 
139
        <replaceable>FILE</replaceable></arg>
 
140
      </group>
 
141
      <sbr/>
 
142
      <group>
 
143
        <arg choice="plain"><option>--dir
 
144
        <replaceable>DIRECTORY</replaceable></option></arg>
 
145
        <arg choice="plain"><option>-d
 
146
        <replaceable>DIRECTORY</replaceable></option></arg>
 
147
      </group>
 
148
      <sbr/>
 
149
      <group>
 
150
        <arg choice="plain"><option>--name
 
151
        <replaceable>NAME</replaceable></option></arg>
 
152
        <arg choice="plain"><option>-n
 
153
        <replaceable>NAME</replaceable></option></arg>
 
154
      </group>
 
155
      <group>
 
156
        <arg choice="plain"><option>--no-ssh</option></arg>
 
157
        <arg choice="plain"><option>-S</option></arg>
 
158
      </group>
 
159
    </cmdsynopsis>
 
160
    <cmdsynopsis>
 
161
      <command>&COMMANDNAME;</command>
 
162
      <group choice="req">
 
163
        <arg choice="plain"><option>--help</option></arg>
161
164
        <arg choice="plain"><option>-h</option></arg>
162
 
        <arg choice="plain"><option>--help</option></arg>
163
165
      </group>
164
166
    </cmdsynopsis>
165
167
    <cmdsynopsis>
166
168
      <command>&COMMANDNAME;</command>
167
169
      <group choice="req">
 
170
        <arg choice="plain"><option>--version</option></arg>
168
171
        <arg choice="plain"><option>-v</option></arg>
169
 
        <arg choice="plain"><option>--version</option></arg>
170
172
      </group>
171
173
    </cmdsynopsis>
172
174
  </refsynopsisdiv>
173
 
 
 
175
  
174
176
  <refsect1 id="description">
175
177
    <title>DESCRIPTION</title>
176
178
    <para>
177
179
      <command>&COMMANDNAME;</command> is a program to generate the
178
 
      OpenPGP keys used by
179
 
      <citerefentry><refentrytitle>password-request</refentrytitle>
180
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
 
180
      OpenPGP key used by
 
181
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
182
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
181
183
      normally written to /etc/mandos for later installation into the
182
 
      initrd image, but this, like most things, can be changed with
183
 
      command line options.
 
184
      initrd image, but this, and most other things, can be changed
 
185
      with command line options.
 
186
    </para>
 
187
    <para>
 
188
      This program can also be used with the
 
189
      <option>--password</option> or <option>--passfile</option>
 
190
      options to generate a ready-made section for
 
191
      <filename>clients.conf</filename> (see
 
192
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
193
      <manvolnum>5</manvolnum></citerefentry>).
184
194
    </para>
185
195
  </refsect1>
186
196
  
187
197
  <refsect1 id="purpose">
188
198
    <title>PURPOSE</title>
189
 
 
190
199
    <para>
191
200
      The purpose of this is to enable <emphasis>remote and unattended
192
201
      rebooting</emphasis> of client host computer with an
193
202
      <emphasis>encrypted root file system</emphasis>.  See <xref
194
203
      linkend="overview"/> for details.
195
204
    </para>
196
 
 
197
205
  </refsect1>
198
206
  
199
207
  <refsect1 id="options">
200
208
    <title>OPTIONS</title>
201
 
 
 
209
    
202
210
    <variablelist>
203
211
      <varlistentry>
204
 
        <term><literal>-h</literal>, <literal>--help</literal></term>
 
212
        <term><option>--help</option></term>
 
213
        <term><option>-h</option></term>
205
214
        <listitem>
206
215
          <para>
207
216
            Show a help message and exit
208
217
          </para>
209
218
        </listitem>
210
219
      </varlistentry>
211
 
 
212
 
      <varlistentry>
213
 
        <term><literal>-d</literal>, <literal>--dir
214
 
        <replaceable>directory</replaceable></literal></term>
215
 
        <listitem>
216
 
          <para>
217
 
            Target directory for key files.
218
 
          </para>
219
 
        </listitem>
220
 
      </varlistentry>
221
 
 
222
 
      <varlistentry>
223
 
        <term><literal>-t</literal>, <literal>--type
224
 
        <replaceable>type</replaceable></literal></term>
225
 
        <listitem>
226
 
          <para>
227
 
            Key type.  Default is <quote>DSA</quote>.
228
 
          </para>
229
 
        </listitem>
230
 
      </varlistentry>
231
 
 
232
 
      <varlistentry>
233
 
        <term><literal>-l</literal>, <literal>--length
234
 
        <replaceable>bits</replaceable></literal></term>
235
 
        <listitem>
236
 
          <para>
237
 
            Key length in bits.  Default is 1024.
238
 
          </para>
239
 
        </listitem>
240
 
      </varlistentry>
241
 
 
242
 
      <varlistentry>
243
 
        <term><literal>-s</literal>, <literal>--subtype
244
 
        <replaceable>type</replaceable></literal></term>
245
 
        <listitem>
246
 
          <para>
247
 
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
 
220
      
 
221
      <varlistentry>
 
222
        <term><option>--dir
 
223
        <replaceable>DIRECTORY</replaceable></option></term>
 
224
        <term><option>-d
 
225
        <replaceable>DIRECTORY</replaceable></option></term>
 
226
        <listitem>
 
227
          <para>
 
228
            Target directory for key files.  Default is
 
229
            <filename class="directory">/etc/mandos</filename>.
 
230
          </para>
 
231
        </listitem>
 
232
      </varlistentry>
 
233
      
 
234
      <varlistentry>
 
235
        <term><option>--type
 
236
        <replaceable>TYPE</replaceable></option></term>
 
237
        <term><option>-t
 
238
        <replaceable>TYPE</replaceable></option></term>
 
239
        <listitem>
 
240
          <para>
 
241
            Key type.  Default is <quote>RSA</quote>.
 
242
          </para>
 
243
        </listitem>
 
244
      </varlistentry>
 
245
      
 
246
      <varlistentry>
 
247
        <term><option>--length
 
248
        <replaceable>BITS</replaceable></option></term>
 
249
        <term><option>-l
 
250
        <replaceable>BITS</replaceable></option></term>
 
251
        <listitem>
 
252
          <para>
 
253
            Key length in bits.  Default is 4096.
 
254
          </para>
 
255
        </listitem>
 
256
      </varlistentry>
 
257
      
 
258
      <varlistentry>
 
259
        <term><option>--subtype
 
260
        <replaceable>KEYTYPE</replaceable></option></term>
 
261
        <term><option>-s
 
262
        <replaceable>KEYTYPE</replaceable></option></term>
 
263
        <listitem>
 
264
          <para>
 
265
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
248
266
            encryption-only).
249
267
          </para>
250
268
        </listitem>
251
269
      </varlistentry>
252
 
 
 
270
      
253
271
      <varlistentry>
254
 
        <term><literal>-L</literal>, <literal>--sublength
255
 
        <replaceable>bits</replaceable></literal></term>
 
272
        <term><option>--sublength
 
273
        <replaceable>BITS</replaceable></option></term>
 
274
        <term><option>-L
 
275
        <replaceable>BITS</replaceable></option></term>
256
276
        <listitem>
257
277
          <para>
258
 
            Subkey length in bits.  Default is 2048.
 
278
            Subkey length in bits.  Default is 4096.
259
279
          </para>
260
280
        </listitem>
261
281
      </varlistentry>
262
 
 
 
282
      
263
283
      <varlistentry>
264
 
        <term><literal>-e</literal>, <literal>--email</literal>
265
 
        <replaceable>address</replaceable></term>
 
284
        <term><option>--email
 
285
        <replaceable>ADDRESS</replaceable></option></term>
 
286
        <term><option>-e
 
287
        <replaceable>ADDRESS</replaceable></option></term>
266
288
        <listitem>
267
289
          <para>
268
290
            Email address of key.  Default is empty.
269
291
          </para>
270
292
        </listitem>
271
293
      </varlistentry>
272
 
 
 
294
      
273
295
      <varlistentry>
274
 
        <term><literal>-c</literal>, <literal>--comment</literal>
275
 
        <replaceable>comment</replaceable></term>
 
296
        <term><option>--comment
 
297
        <replaceable>TEXT</replaceable></option></term>
 
298
        <term><option>-c
 
299
        <replaceable>TEXT</replaceable></option></term>
276
300
        <listitem>
277
301
          <para>
278
 
            Comment field for key.  The default value is
279
 
            <quote><literal>Mandos client key</literal></quote>.
 
302
            Comment field for key.  Default is empty.
280
303
          </para>
281
304
        </listitem>
282
305
      </varlistentry>
283
 
 
 
306
      
284
307
      <varlistentry>
285
 
        <term><literal>-x</literal>, <literal>--expire</literal>
286
 
        <replaceable>time</replaceable></term>
 
308
        <term><option>--expire
 
309
        <replaceable>TIME</replaceable></option></term>
 
310
        <term><option>-x
 
311
        <replaceable>TIME</replaceable></option></term>
287
312
        <listitem>
288
313
          <para>
289
314
            Key expire time.  Default is no expiration.  See
292
317
          </para>
293
318
        </listitem>
294
319
      </varlistentry>
295
 
 
296
 
      <varlistentry>
297
 
        <term><literal>-f</literal>, <literal>--force</literal></term>
298
 
        <listitem>
299
 
          <para>
300
 
            Force overwriting old keys.
 
320
      
 
321
      <varlistentry>
 
322
        <term><option>--force</option></term>
 
323
        <term><option>-f</option></term>
 
324
        <listitem>
 
325
          <para>
 
326
            Force overwriting old key.
 
327
          </para>
 
328
        </listitem>
 
329
      </varlistentry>
 
330
      <varlistentry>
 
331
        <term><option>--password</option></term>
 
332
        <term><option>-p</option></term>
 
333
        <listitem>
 
334
          <para>
 
335
            Prompt for a password and encrypt it with the key already
 
336
            present in either <filename>/etc/mandos</filename> or the
 
337
            directory specified with the <option>--dir</option>
 
338
            option.  Outputs, on standard output, a section suitable
 
339
            for inclusion in <citerefentry><refentrytitle
 
340
            >mandos-clients.conf</refentrytitle><manvolnum
 
341
            >8</manvolnum></citerefentry>.  The host name or the name
 
342
            specified with the <option>--name</option> option is used
 
343
            for the section header.  All other options are ignored,
 
344
            and no key is created.
 
345
          </para>
 
346
        </listitem>
 
347
      </varlistentry>
 
348
      <varlistentry>
 
349
        <term><option>--passfile
 
350
        <replaceable>FILE</replaceable></option></term>
 
351
        <term><option>-F
 
352
        <replaceable>FILE</replaceable></option></term>
 
353
        <listitem>
 
354
          <para>
 
355
            The same as <option>--password</option>, but read from
 
356
            <replaceable>FILE</replaceable>, not the terminal.
 
357
          </para>
 
358
        </listitem>
 
359
      </varlistentry>
 
360
      <varlistentry>
 
361
        <term><option>--no-ssh</option></term>
 
362
        <term><option>-S</option></term>
 
363
        <listitem>
 
364
          <para>
 
365
            When <option>--password</option> or
 
366
            <option>--passfile</option> is given, this option will
 
367
            prevent <command>&COMMANDNAME;</command> from calling
 
368
            <command>ssh-keyscan</command> to get an SSH fingerprint
 
369
            for this host and, if successful, output suitable config
 
370
            options to use this fingerprint as a
 
371
            <option>checker</option> option in the output.  This is
 
372
            otherwise the default behavior.
301
373
          </para>
302
374
        </listitem>
303
375
      </varlistentry>
304
376
    </variablelist>
305
377
  </refsect1>
306
 
 
 
378
  
307
379
  <refsect1 id="overview">
308
380
    <title>OVERVIEW</title>
309
381
    <xi:include href="overview.xml"/>
310
382
    <para>
311
383
      This program is a small utility to generate new OpenPGP keys for
312
 
      new Mandos clients.
 
384
      new Mandos clients, and to generate sections for inclusion in
 
385
      <filename>clients.conf</filename> on the server.
313
386
    </para>
314
387
  </refsect1>
315
 
 
 
388
  
316
389
  <refsect1 id="exit_status">
317
390
    <title>EXIT STATUS</title>
318
391
    <para>
319
 
      The exit status will be 0 if new keys were successfully created,
320
 
      otherwise not.
 
392
      The exit status will be 0 if a new key (or password, if the
 
393
      <option>--password</option> option was used) was successfully
 
394
      created, otherwise not.
321
395
    </para>
322
396
  </refsect1>
323
397
  
325
399
    <title>ENVIRONMENT</title>
326
400
    <variablelist>
327
401
      <varlistentry>
328
 
        <term><varname>TMPDIR</varname></term>
 
402
        <term><envar>TMPDIR</envar></term>
329
403
        <listitem>
330
404
          <para>
331
405
            If set, temporary files will be created here. See
337
411
    </variablelist>
338
412
  </refsect1>
339
413
  
340
 
  <refsect1 id="file">
 
414
  <refsect1 id="files">
341
415
    <title>FILES</title>
342
416
    <para>
343
417
      Use the <option>--dir</option> option to change where
364
438
        </listitem>
365
439
      </varlistentry>
366
440
      <varlistentry>
367
 
        <term><filename>/tmp</filename></term>
 
441
        <term><filename class="directory">/tmp</filename></term>
368
442
        <listitem>
369
443
          <para>
370
444
            Temporary files will be written here if
374
448
      </varlistentry>
375
449
    </variablelist>
376
450
  </refsect1>
377
 
 
378
 
  <refsect1 id="bugs">
379
 
    <title>BUGS</title>
380
 
    <para>
381
 
      None are known at this time.
382
 
    </para>
383
 
  </refsect1>
384
 
 
 
451
  
 
452
<!--   <refsect1 id="bugs"> -->
 
453
<!--     <title>BUGS</title> -->
 
454
<!--     <para> -->
 
455
<!--     </para> -->
 
456
<!--   </refsect1> -->
 
457
  
385
458
  <refsect1 id="example">
386
459
    <title>EXAMPLE</title>
387
460
    <informalexample>
389
462
        Normal invocation needs no options:
390
463
      </para>
391
464
      <para>
392
 
        <userinput>mandos-keygen</userinput>
 
465
        <userinput>&COMMANDNAME;</userinput>
393
466
      </para>
394
467
    </informalexample>
395
468
    <informalexample>
396
469
      <para>
397
 
        Create keys in another directory and of another type.  Force
 
470
        Create key in another directory and of another type.  Force
398
471
        overwriting old key files:
399
472
      </para>
400
473
      <para>
401
474
 
402
475
<!-- do not wrap this line -->
403
 
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
 
476
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
 
477
 
 
478
      </para>
 
479
    </informalexample>
 
480
    <informalexample>
 
481
      <para>
 
482
        Prompt for a password, encrypt it with the key in <filename
 
483
        class="directory">/etc/mandos</filename> and output a section
 
484
        suitable for <filename>clients.conf</filename>.
 
485
      </para>
 
486
      <para>
 
487
        <userinput>&COMMANDNAME; --password</userinput>
 
488
      </para>
 
489
    </informalexample>
 
490
    <informalexample>
 
491
      <para>
 
492
        Prompt for a password, encrypt it with the key in the
 
493
        <filename>client-key</filename> directory and output a section
 
494
        suitable for <filename>clients.conf</filename>.
 
495
      </para>
 
496
      <para>
 
497
 
 
498
<!-- do not wrap this line -->
 
499
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
404
500
 
405
501
      </para>
406
502
    </informalexample>
407
503
  </refsect1>
408
 
 
 
504
  
409
505
  <refsect1 id="security">
410
506
    <title>SECURITY</title>
411
507
    <para>
412
508
      The <option>--type</option>, <option>--length</option>,
413
509
      <option>--subtype</option>, and <option>--sublength</option>
414
 
      options can be used to create keys of insufficient security.  If
415
 
      in doubt, leave them to the default values.
 
510
      options can be used to create keys of low security.  If in
 
511
      doubt, leave them to the default values.
416
512
    </para>
417
513
    <para>
418
 
      The key expire time is not guaranteed to be honored by
419
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
514
      The key expire time is <emphasis>not</emphasis> guaranteed to be
 
515
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
420
516
      <manvolnum>8</manvolnum></citerefentry>.
421
517
    </para>
422
518
  </refsect1>
423
 
 
 
519
  
424
520
  <refsect1 id="see_also">
425
521
    <title>SEE ALSO</title>
426
522
    <para>
427
 
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
523
      <citerefentry><refentrytitle>intro</refentrytitle>
428
524
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
525
      <citerefentry><refentrytitle>gpg</refentrytitle>
 
526
      <manvolnum>1</manvolnum></citerefentry>,
 
527
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
528
      <manvolnum>5</manvolnum></citerefentry>,
429
529
      <citerefentry><refentrytitle>mandos</refentrytitle>
430
530
      <manvolnum>8</manvolnum></citerefentry>,
431
 
      <citerefentry><refentrytitle>gpg</refentrytitle>
 
531
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
532
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
533
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
432
534
      <manvolnum>1</manvolnum></citerefentry>
433
535
    </para>
434
536
  </refsect1>
435
537
  
436
538
</refentry>
 
539
<!-- Local Variables: -->
 
540
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
 
541
<!-- time-stamp-end: "[\"']>" -->
 
542
<!-- time-stamp-format: "%:y-%02m-%02d" -->
 
543
<!-- End: -->