
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2018-08-15 09:26:02 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 368.
  • Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u
mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to January 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options through
  GPGME.)

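--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -1,9 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2008-09-12">
+<!ENTITY TIMESTAMP "2018-02-08">
+<!ENTITY % common SYSTEM "common.ent">
+%common;
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
@@ -11,26 +12,36 @@
     <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
     <productname>Mandos</productname>
-    <productnumber>&VERSION;</productnumber>
+    <productnumber>&version;</productnumber>
     <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@fukt.bsnet.se</email>
+          <email>belorn@recompile.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@fukt.bsnet.se</email>
+          <email>teddy@recompile.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
+      <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
+      <year>2012</year>
+      <year>2013</year>
+      <year>2014</year>
+      <year>2015</year>
+      <year>2016</year>
+      <year>2017</year>
+      <year>2018</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -115,13 +126,20 @@
         <replaceable>TIME</replaceable></option></arg>
       </group>
       <sbr/>
-      <arg><option>--force</option></arg>
+      <group>
+        <arg choice="plain"><option>--force</option></arg>
+        <arg choice="plain"><option>-f</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
         <arg choice="plain"><option>--password</option></arg>
         <arg choice="plain"><option>-p</option></arg>
+        <arg choice="plain"><option>--passfile
+        <replaceable>FILE</replaceable></option></arg>
+        <arg choice="plain"><option>-F</option>
+        <replaceable>FILE</replaceable></arg>
       </group>
       <sbr/>
       <group>
@@ -137,6 +155,10 @@
         <arg choice="plain"><option>-n
         <replaceable>NAME</replaceable></option></arg>
       </group>
+      <group>
+        <arg choice="plain"><option>--no-ssh</option></arg>
+        <arg choice="plain"><option>-S</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -167,8 +189,9 @@
     </para>
     <para>
       This program can also be used with the
-      <option>--password</option> option to generate a ready-made
-      section for <filename>clients.conf</filename> (see
+      <option>--password</option> or <option>--passfile</option>
+      options to generate a ready-made section for
+      <filename>clients.conf</filename> (see
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
       <manvolnum>5</manvolnum></citerefentry>).
     </para>
@@ -206,7 +229,7 @@
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename>/etc/mandos</filename>.
+            <filename class="directory">/etc/mandos</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -218,7 +241,7 @@
         <replaceable>TYPE</replaceable></option></term>
         <listitem>
           <para>
-            Key type.  Default is <quote>DSA</quote>.
+            Key type.  Default is <quote>RSA</quote>.
           </para>
         </listitem>
       </varlistentry>
@@ -230,7 +253,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Key length in bits.  Default is 2048.
+            Key length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -242,7 +265,7 @@
         <replaceable>KEYTYPE</replaceable></option></term>
         <listitem>
           <para>
-            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
+            Subkey type.  Default is <quote>RSA</quote> (Elgamal
             encryption-only).
           </para>
         </listitem>
@@ -255,7 +278,7 @@
         <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
-            Subkey length in bits.  Default is 2048.
+            Subkey length in bits.  Default is 4096.
           </para>
         </listitem>
       </varlistentry>
@@ -279,8 +302,7 @@
         <replaceable>TEXT</replaceable></option></term>
         <listitem>
           <para>
-            Comment field for key.  The default value is
-            <quote><literal>Mandos client key</literal></quote>.
+            Comment field for key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
@@ -326,6 +348,34 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term><option>--passfile
+        <replaceable>FILE</replaceable></option></term>
+        <term><option>-F
+        <replaceable>FILE</replaceable></option></term>
+        <listitem>
+          <para>
+            The same as <option>--password</option>, but read from
+            <replaceable>FILE</replaceable>, not the terminal.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>--no-ssh</option></term>
+        <term><option>-S</option></term>
+        <listitem>
+          <para>
+            When <option>--password</option> or
+            <option>--passfile</option> is given, this option will
+            prevent <command>&COMMANDNAME;</command> from calling
+            <command>ssh-keyscan</command> to get an SSH fingerprint
+            for this host and, if successful, output suitable config
+            options to use this fingerprint as a
+            <option>checker</option> option in the output.  This is
+            otherwise the default behavior.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
   
@@ -364,7 +414,7 @@
     </variablelist>
   </refsect1>
   
-  <refsect1 id="file">
+  <refsect1 id="files">
     <title>FILES</title>
     <para>
       Use the <option>--dir</option> option to change where
@@ -391,7 +441,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/tmp</filename></term>
+        <term><filename class="directory">/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -402,11 +452,10 @@
     </variablelist>
   </refsect1>
   
-<!--   <refsect1 id="bugs"> -->
-<!--     <title>BUGS</title> -->
-<!--     <para> -->
-<!--     </para> -->
-<!--   </refsect1> -->
+  <refsect1 id="bugs">
+    <title>BUGS</title>
+    <xi:include href="bugs.xml"/>
+  </refsect1>
   
   <refsect1 id="example">
     <title>EXAMPLE</title>
@@ -432,9 +481,9 @@
     </informalexample>
     <informalexample>
       <para>
-        Prompt for a password, encrypt it with the key in
-        <filename>/etc/mandos</filename> and output a section suitable
-        for <filename>clients.conf</filename>.
+        Prompt for a password, encrypt it with the key in <filename
+        class="directory">/etc/mandos</filename> and output a section
+        suitable for <filename>clients.conf</filename>.
       </para>
       <para>
         <userinput>&COMMANDNAME; --password</userinput>
@@ -473,6 +522,8 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
+      <citerefentry><refentrytitle>intro</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gpg</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
@@ -480,7 +531,9 @@
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>
+      <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
+      <manvolnum>1</manvolnum></citerefentry>
     </para>
   </refsect1>
 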