
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-06-03 17:27:03 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 343.
  • Revision ID: teddy@recompile.se-20160603172703-mc6tjor6rhq4xy74
mandos: Bug fix: Do multiprocessing cleanup correctly on exit

* mandos (main): Save module "multiprocessing" and open file "wnull"
                 as scope variables accessible by function cleanup(),
                 since the module and global variable may not be
                 accessible when the cleanup() function is run as
                 scheduled by atexit().

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2019-02-10">
 
5
<!ENTITY TIMESTAMP "2016-03-05">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
40
40
      <year>2014</year>
41
41
      <year>2015</year>
42
42
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
43
      <holder>Teddy Hogeborn</holder>
46
44
      <holder>Björn Påhlsson</holder>
47
45
    </copyright>
127
125
      </group>
128
126
      <sbr/>
129
127
      <group>
130
 
        <arg choice="plain"><option>--tls-keytype
131
 
        <replaceable>KEYTYPE</replaceable></option></arg>
132
 
        <arg choice="plain"><option>-T
133
 
        <replaceable>KEYTYPE</replaceable></option></arg>
134
 
      </group>
135
 
      <sbr/>
136
 
      <group>
137
128
        <arg choice="plain"><option>--force</option></arg>
138
129
        <arg choice="plain"><option>-f</option></arg>
139
130
      </group>
187
178
    <title>DESCRIPTION</title>
188
179
    <para>
189
180
      <command>&COMMANDNAME;</command> is a program to generate the
190
 
      TLS and OpenPGP keys used by
 
181
      OpenPGP key used by
191
182
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
192
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
193
 
      normally written to /etc/keys/mandos for later installation into
194
 
      the initrd image, but this, and most other things, can be
195
 
      changed with command line options.
 
183
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
184
      normally written to /etc/mandos for later installation into the
 
185
      initrd image, but this, and most other things, can be changed
 
186
      with command line options.
196
187
    </para>
197
188
    <para>
198
189
      This program can also be used with the
235
226
        <replaceable>DIRECTORY</replaceable></option></term>
236
227
        <listitem>
237
228
          <para>
238
 
            Target directory for key files.  Default is <filename
239
 
            class="directory">/etc/keys/mandos</filename>.
 
229
            Target directory for key files.  Default is
 
230
            <filename class="directory">/etc/mandos</filename>.
240
231
          </para>
241
232
        </listitem>
242
233
      </varlistentry>
248
239
        <replaceable>TYPE</replaceable></option></term>
249
240
        <listitem>
250
241
          <para>
251
 
            OpenPGP key type.  Default is <quote>RSA</quote>.
 
242
            Key type.  Default is <quote>RSA</quote>.
252
243
          </para>
253
244
        </listitem>
254
245
      </varlistentry>
260
251
        <replaceable>BITS</replaceable></option></term>
261
252
        <listitem>
262
253
          <para>
263
 
            OpenPGP key length in bits.  Default is 4096.
 
254
            Key length in bits.  Default is 4096.
264
255
          </para>
265
256
        </listitem>
266
257
      </varlistentry>
272
263
        <replaceable>KEYTYPE</replaceable></option></term>
273
264
        <listitem>
274
265
          <para>
275
 
            OpenPGP subkey type.  Default is <quote>RSA</quote>
 
266
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
267
            encryption-only).
276
268
          </para>
277
269
        </listitem>
278
270
      </varlistentry>
284
276
        <replaceable>BITS</replaceable></option></term>
285
277
        <listitem>
286
278
          <para>
287
 
            OpenPGP subkey length in bits.  Default is 4096.
 
279
            Subkey length in bits.  Default is 4096.
288
280
          </para>
289
281
        </listitem>
290
282
      </varlistentry>
328
320
      </varlistentry>
329
321
      
330
322
      <varlistentry>
331
 
        <term><option>--tls-keytype
332
 
        <replaceable>KEYTYPE</replaceable></option></term>
333
 
        <term><option>-T
334
 
        <replaceable>KEYTYPE</replaceable></option></term>
335
 
        <listitem>
336
 
          <para>
337
 
            TLS key type.  Default is <quote>ed25519</quote>
338
 
          </para>
339
 
        </listitem>
340
 
      </varlistentry>
341
 
      
342
 
      <varlistentry>
343
323
        <term><option>--force</option></term>
344
324
        <term><option>-f</option></term>
345
325
        <listitem>
354
334
        <listitem>
355
335
          <para>
356
336
            Prompt for a password and encrypt it with the key already
357
 
            present in either <filename>/etc/keys/mandos</filename> or
358
 
            the directory specified with the <option>--dir</option>
 
337
            present in either <filename>/etc/mandos</filename> or the
 
338
            directory specified with the <option>--dir</option>
359
339
            option.  Outputs, on standard output, a section suitable
360
340
            for inclusion in <citerefentry><refentrytitle
361
341
            >mandos-clients.conf</refentrytitle><manvolnum
401
381
    <title>OVERVIEW</title>
402
382
    <xi:include href="overview.xml"/>
403
383
    <para>
404
 
      This program is a small utility to generate new TLS and OpenPGP
405
 
      keys for new Mandos clients, and to generate sections for
406
 
      inclusion in <filename>clients.conf</filename> on the server.
 
384
      This program is a small utility to generate new OpenPGP keys for
 
385
      new Mandos clients, and to generate sections for inclusion in
 
386
      <filename>clients.conf</filename> on the server.
407
387
    </para>
408
388
  </refsect1>
409
389
  
441
421
    </para>
442
422
    <variablelist>
443
423
      <varlistentry>
444
 
        <term><filename>/etc/keys/mandos/seckey.txt</filename></term>
 
424
        <term><filename>/etc/mandos/seckey.txt</filename></term>
445
425
        <listitem>
446
426
          <para>
447
427
            OpenPGP secret key file which will be created or
450
430
        </listitem>
451
431
      </varlistentry>
452
432
      <varlistentry>
453
 
        <term><filename>/etc/keys/mandos/pubkey.txt</filename></term>
 
433
        <term><filename>/etc/mandos/pubkey.txt</filename></term>
454
434
        <listitem>
455
435
          <para>
456
436
            OpenPGP public key file which will be created or
459
439
        </listitem>
460
440
      </varlistentry>
461
441
      <varlistentry>
462
 
        <term><filename>/etc/keys/mandos/tls-privkey.pem</filename></term>
463
 
        <listitem>
464
 
          <para>
465
 
            Private key file which will be created or overwritten.
466
 
          </para>
467
 
        </listitem>
468
 
      </varlistentry>
469
 
      <varlistentry>
470
 
        <term><filename>/etc/keys/mandos/tls-pubkey.pem</filename></term>
471
 
        <listitem>
472
 
          <para>
473
 
            Public key file which will be created or overwritten.
474
 
          </para>
475
 
        </listitem>
476
 
      </varlistentry>
477
 
      <varlistentry>
478
442
        <term><filename class="directory">/tmp</filename></term>
479
443
        <listitem>
480
444
          <para>
515
479
    </informalexample>
516
480
    <informalexample>
517
481
      <para>
518
 
        Prompt for a password, encrypt it with the keys in <filename
519
 
        class="directory">/etc/keys/mandos</filename> and output a
520
 
        section suitable for <filename>clients.conf</filename>.
 
482
        Prompt for a password, encrypt it with the key in <filename
 
483
        class="directory">/etc/mandos</filename> and output a section
 
484
        suitable for <filename>clients.conf</filename>.
521
485
      </para>
522
486
      <para>
523
487
        <userinput>&COMMANDNAME; --password</userinput>
525
489
    </informalexample>
526
490
    <informalexample>
527
491
      <para>
528
 
        Prompt for a password, encrypt it with the keys in the
 
492
        Prompt for a password, encrypt it with the key in the
529
493
        <filename>client-key</filename> directory and output a section
530
494
        suitable for <filename>clients.conf</filename>.
531
495
      </para>