/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release


Viewing changes to mandos-keygen.xml

merge + small bugfix

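--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -1,46 +1,62 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos-keygen">
-<!ENTITY TIMESTAMP "2013-10-22">
-<!ENTITY % common SYSTEM "common.ent">
-%common;
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
   <refentryinfo>
-    <title>Mandos Manual</title>
+    <title>&COMMANDNAME;</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
-    <productname>Mandos</productname>
-    <productnumber>&version;</productnumber>
-    <date>&TIMESTAMP;</date>
+    <productname>&COMMANDNAME;</productname>
+    <productnumber>&VERSION;</productnumber>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@recompile.se</email>
+          <email>belorn@fukt.bsnet.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@recompile.se</email>
+          <email>teddy@fukt.bsnet.se</email>
         </address>
       </author>
     </authorgroup>
     <copyright>
       <year>2008</year>
-      <year>2009</year>
-      <year>2011</year>
-      <year>2012</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <xi:include href="legalnotice.xml"/>
+    <legalnotice>
+      <para>
+        This manual page is free software: you can redistribute it
+        and/or modify it under the terms of the GNU General Public
+        License as published by the Free Software Foundation,
+        either version 3 of the License, or (at your option) any
+        later version.
+      </para>
+
+      <para>
+        This manual page is distributed in the hope that it will
+        be useful, but WITHOUT ANY WARRANTY; without even the
+        implied warranty of MERCHANTABILITY or FITNESS FOR A
+        PARTICULAR PURPOSE.  See the GNU General Public License
+        for more details.
+      </para>
+
+      <para>
+        You should have received a copy of the GNU General Public
+        License along with this program; If not, see
+        <ulink url="http://www.gnu.org/licenses/"/>.
+      </para>
+    </legalnotice>
   </refentryinfo>
-  
+
   <refmeta>
     <refentrytitle>&COMMANDNAME;</refentrytitle>
     <manvolnum>8</manvolnum>
@@ -49,255 +65,247 @@
   <refnamediv>
     <refname><command>&COMMANDNAME;</command></refname>
     <refpurpose>
-      Generate key and password for Mandos client and server.
+      Generate keys for <citerefentry><refentrytitle>password-request
+      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
     </refpurpose>
   </refnamediv>
-  
+
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
-      <group>
-        <arg choice="plain"><option>--dir
-        <replaceable>DIRECTORY</replaceable></option></arg>
-        <arg choice="plain"><option>-d
-        <replaceable>DIRECTORY</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--type
-        <replaceable>KEYTYPE</replaceable></option></arg>
-        <arg choice="plain"><option>-t
-        <replaceable>KEYTYPE</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--length
-        <replaceable>BITS</replaceable></option></arg>
-        <arg choice="plain"><option>-l
-        <replaceable>BITS</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--subtype
-        <replaceable>KEYTYPE</replaceable></option></arg>
-        <arg choice="plain"><option>-s
-        <replaceable>KEYTYPE</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--sublength
-        <replaceable>BITS</replaceable></option></arg>
-        <arg choice="plain"><option>-L
-        <replaceable>BITS</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--name
-        <replaceable>NAME</replaceable></option></arg>
-        <arg choice="plain"><option>-n
-        <replaceable>NAME</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--email
-        <replaceable>ADDRESS</replaceable></option></arg>
-        <arg choice="plain"><option>-e
-        <replaceable>ADDRESS</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--comment
-        <replaceable>TEXT</replaceable></option></arg>
-        <arg choice="plain"><option>-c
-        <replaceable>TEXT</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--expire
-        <replaceable>TIME</replaceable></option></arg>
-        <arg choice="plain"><option>-x
-        <replaceable>TIME</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <arg><option>--force</option></arg>
+      <group choice="opt">
+        <arg choice="plain"><option>--dir</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--type</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--length</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--subtype</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--sublength</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--name</option>
+        <replaceable>NAME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--email</option>
+        <replaceable>EMAIL</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--comment</option>
+        <replaceable>COMMENT</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--expire</option>
+        <replaceable>TIME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--force</option></arg>
+      </group>
+    </cmdsynopsis>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <group choice="opt">
+        <arg choice="plain"><option>-d</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-t</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-l</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-s</option>
+        <replaceable>type</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-L</option>
+        <replaceable>bits</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-n</option>
+        <replaceable>NAME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-e</option>
+        <replaceable>EMAIL</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-c</option>
+        <replaceable>COMMENT</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-x</option>
+        <replaceable>TIME</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>-f</option></arg>
+      </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>-p</option></arg>
         <arg choice="plain"><option>--password</option></arg>
-        <arg choice="plain"><option>-p</option></arg>
-        <arg choice="plain"><option>--passfile
-        <replaceable>FILE</replaceable></option></arg>
-        <arg choice="plain"><option>-F</option>
-        <replaceable>FILE</replaceable></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--dir
-        <replaceable>DIRECTORY</replaceable></option></arg>
-        <arg choice="plain"><option>-d
-        <replaceable>DIRECTORY</replaceable></option></arg>
-      </group>
-      <sbr/>
-      <group>
-        <arg choice="plain"><option>--name
-        <replaceable>NAME</replaceable></option></arg>
-        <arg choice="plain"><option>-n
-        <replaceable>NAME</replaceable></option></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--dir</option>
+        <replaceable>directory</replaceable></arg>
+      </group>
+      <group choice="opt">
+        <arg choice="plain"><option>--name</option>
+        <replaceable>NAME</replaceable></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>-h</option></arg>
         <arg choice="plain"><option>--help</option></arg>
-        <arg choice="plain"><option>-h</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>-v</option></arg>
         <arg choice="plain"><option>--version</option></arg>
-        <arg choice="plain"><option>-v</option></arg>
       </group>
     </cmdsynopsis>
   </refsynopsisdiv>
-  
+
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
       <command>&COMMANDNAME;</command> is a program to generate the
-      OpenPGP key used by
-      <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
+      OpenPGP keys used by
+      <citerefentry><refentrytitle>password-request</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
       normally written to /etc/mandos for later installation into the
-      initrd image, but this, and most other things, can be changed
-      with command line options.
+      initrd image, but this, like most things, can be changed with
+      command line options.
     </para>
     <para>
-      This program can also be used with the
-      <option>--password</option> or <option>--passfile</option>
-      options to generate a ready-made section for
-      <filename>clients.conf</filename> (see
+      It can also be used to generate ready-made sections for
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>).
+      <manvolnum>5</manvolnum></citerefentry> using the
+      <option>--password</option> option.
     </para>
   </refsect1>
   
   <refsect1 id="purpose">
     <title>PURPOSE</title>
+
     <para>
       The purpose of this is to enable <emphasis>remote and unattended
       rebooting</emphasis> of client host computer with an
       <emphasis>encrypted root file system</emphasis>.  See <xref
       linkend="overview"/> for details.
     </para>
+
   </refsect1>
   
   <refsect1 id="options">
     <title>OPTIONS</title>
-    
+
     <variablelist>
       <varlistentry>
-        <term><option>--help</option></term>
-        <term><option>-h</option></term>
+        <term><literal>-h</literal>, <literal>--help</literal></term>
         <listitem>
           <para>
             Show a help message and exit
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--dir
-        <replaceable>DIRECTORY</replaceable></option></term>
-        <term><option>-d
-        <replaceable>DIRECTORY</replaceable></option></term>
+        <term><literal>-d</literal>, <literal>--dir
+        <replaceable>directory</replaceable></literal></term>
         <listitem>
           <para>
             Target directory for key files.  Default is
-            <filename class="directory">/etc/mandos</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--type
-        <replaceable>TYPE</replaceable></option></term>
-        <term><option>-t
-        <replaceable>TYPE</replaceable></option></term>
-        <listitem>
-          <para>
-            Key type.  Default is <quote>RSA</quote>.
-          </para>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--length
-        <replaceable>BITS</replaceable></option></term>
-        <term><option>-l
-        <replaceable>BITS</replaceable></option></term>
-        <listitem>
-          <para>
-            Key length in bits.  Default is 4096.
-          </para>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--subtype
-        <replaceable>KEYTYPE</replaceable></option></term>
-        <term><option>-s
-        <replaceable>KEYTYPE</replaceable></option></term>
-        <listitem>
-          <para>
-            Subkey type.  Default is <quote>RSA</quote> (Elgamal
+            <filename>/etc/mandos</filename>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><literal>-t</literal>, <literal>--type
+        <replaceable>type</replaceable></literal></term>
+        <listitem>
+          <para>
+            Key type.  Default is <quote>DSA</quote>.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><literal>-l</literal>, <literal>--length
+        <replaceable>bits</replaceable></literal></term>
+        <listitem>
+          <para>
+            Key length in bits.  Default is 1024.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><literal>-s</literal>, <literal>--subtype
+        <replaceable>type</replaceable></literal></term>
+        <listitem>
+          <para>
+            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
             encryption-only).
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--sublength
-        <replaceable>BITS</replaceable></option></term>
-        <term><option>-L
-        <replaceable>BITS</replaceable></option></term>
+        <term><literal>-L</literal>, <literal>--sublength
+        <replaceable>bits</replaceable></literal></term>
         <listitem>
           <para>
-            Subkey length in bits.  Default is 4096.
+            Subkey length in bits.  Default is 2048.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--email
-        <replaceable>ADDRESS</replaceable></option></term>
-        <term><option>-e
-        <replaceable>ADDRESS</replaceable></option></term>
+        <term><literal>-e</literal>, <literal>--email</literal>
+        <replaceable>address</replaceable></term>
         <listitem>
           <para>
             Email address of key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--comment
-        <replaceable>TEXT</replaceable></option></term>
-        <term><option>-c
-        <replaceable>TEXT</replaceable></option></term>
+        <term><literal>-c</literal>, <literal>--comment</literal>
+        <replaceable>comment</replaceable></term>
         <listitem>
           <para>
-            Comment field for key.  Default is empty.
+            Comment field for key.  The default value is
+            <quote><literal>Mandos client key</literal></quote>.
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--expire
-        <replaceable>TIME</replaceable></option></term>
-        <term><option>-x
-        <replaceable>TIME</replaceable></option></term>
+        <term><literal>-x</literal>, <literal>--expire</literal>
+        <replaceable>time</replaceable></term>
         <listitem>
           <para>
             Key expire time.  Default is no expiration.  See
@@ -306,19 +314,18 @@
           </para>
         </listitem>
       </varlistentry>
-      
+
       <varlistentry>
-        <term><option>--force</option></term>
-        <term><option>-f</option></term>
+        <term><literal>-f</literal>, <literal>--force</literal></term>
         <listitem>
           <para>
-            Force overwriting old key.
+            Force overwriting old keys.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><option>--password</option></term>
-        <term><option>-p</option></term>
+        <term><literal>-p</literal>, <literal>--password</literal
+        ></term>
         <listitem>
           <para>
             Prompt for a password and encrypt it with the key already
@@ -330,41 +337,27 @@
             >8</manvolnum></citerefentry>.  The host name or the name
             specified with the <option>--name</option> option is used
             for the section header.  All other options are ignored,
-            and no key is created.
-          </para>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term><option>--passfile
-        <replaceable>FILE</replaceable></option></term>
-        <term><option>-F
-        <replaceable>FILE</replaceable></option></term>
-        <listitem>
-          <para>
-            The same as <option>--password</option>, but read from
-            <replaceable>FILE</replaceable>, not the terminal.
+            and no keys are created.
           </para>
         </listitem>
       </varlistentry>
     </variablelist>
   </refsect1>
-  
+
   <refsect1 id="overview">
     <title>OVERVIEW</title>
     <xi:include href="overview.xml"/>
     <para>
       This program is a small utility to generate new OpenPGP keys for
-      new Mandos clients, and to generate sections for inclusion in
-      <filename>clients.conf</filename> on the server.
+      new Mandos clients.
     </para>
   </refsect1>
-  
+
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
     <para>
-      The exit status will be 0 if a new key (or password, if the
-      <option>--password</option> option was used) was successfully
-      created, otherwise not.
+      The exit status will be 0 if new keys were successfully created,
+      otherwise not.
     </para>
   </refsect1>
   
@@ -372,7 +365,7 @@
     <title>ENVIRONMENT</title>
     <variablelist>
       <varlistentry>
-        <term><envar>TMPDIR</envar></term>
+        <term><varname>TMPDIR</varname></term>
         <listitem>
           <para>
             If set, temporary files will be created here. See
@@ -384,7 +377,7 @@
     </variablelist>
   </refsect1>
   
-  <refsect1 id="files">
+  <refsect1 id="file">
     <title>FILES</title>
     <para>
       Use the <option>--dir</option> option to change where
@@ -411,7 +404,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename class="directory">/tmp</filename></term>
+        <term><filename>/tmp</filename></term>
         <listitem>
           <para>
             Temporary files will be written here if
@@ -421,13 +414,14 @@
       </varlistentry>
     </variablelist>
   </refsect1>
-  
-<!--   <refsect1 id="bugs"> -->
-<!--     <title>BUGS</title> -->
-<!--     <para> -->
-<!--     </para> -->
-<!--   </refsect1> -->
-  
+
+  <refsect1 id="bugs">
+    <title>BUGS</title>
+    <para>
+      None are known at this time.
+    </para>
+  </refsect1>
+
   <refsect1 id="example">
     <title>EXAMPLE</title>
     <informalexample>
@@ -435,80 +429,48 @@
         Normal invocation needs no options:
       </para>
       <para>
-        <userinput>&COMMANDNAME;</userinput>
+        <userinput>mandos-keygen</userinput>
       </para>
     </informalexample>
     <informalexample>
       <para>
-        Create key in another directory and of another type.  Force
+        Create keys in another directory and of another type.  Force
         overwriting old key files:
       </para>
       <para>
 
 <!-- do not wrap this line -->
-<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
-
-      </para>
-    </informalexample>
-    <informalexample>
-      <para>
-        Prompt for a password, encrypt it with the key in <filename
-        class="directory">/etc/mandos</filename> and output a section
-        suitable for <filename>clients.conf</filename>.
-      </para>
-      <para>
-        <userinput>&COMMANDNAME; --password</userinput>
-      </para>
-    </informalexample>
-    <informalexample>
-      <para>
-        Prompt for a password, encrypt it with the key in the
-        <filename>client-key</filename> directory and output a section
-        suitable for <filename>clients.conf</filename>.
-      </para>
-      <para>
-
-<!-- do not wrap this line -->
-<userinput>&COMMANDNAME; --password --dir client-key</userinput>
+<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
 
       </para>
     </informalexample>
   </refsect1>
-  
+
   <refsect1 id="security">
     <title>SECURITY</title>
     <para>
       The <option>--type</option>, <option>--length</option>,
       <option>--subtype</option>, and <option>--sublength</option>
-      options can be used to create keys of low security.  If in
-      doubt, leave them to the default values.
+      options can be used to create keys of insufficient security.  If
+      in doubt, leave them to the default values.
     </para>
     <para>
-      The key expire time is <emphasis>not</emphasis> guaranteed to be
-      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
+      The key expire time is not guaranteed to be honored by
+      <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>.
     </para>
   </refsect1>
-  
+
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry><refentrytitle>intro</refentrytitle>
+      <citerefentry><refentrytitle>password-request</refentrytitle>
       <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>mandos</refentrytitle>
+      <manvolnum>8</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>gpg</refentrytitle>
-      <manvolnum>1</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos</refentrytitle>
-      <manvolnum>8</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>
+      <manvolnum>1</manvolnum></citerefentry>
     </para>
   </refsect1>
   
 </refentry>
-<!-- Local Variables: -->
-<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
-<!-- time-stamp-end: "[\"']>" -->
-<!-- time-stamp-format: "%:y-%02m-%02d" -->
-<!-- End: -->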
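Review bot: The new OPTIONS text documents `--type` as defaulting to DSA and `--length` as defaulting to 1024 bits, while the SECURITY section still tells readers to leave these options at their defaults when in doubt, so the page now steers users toward a 1024-bit DSA primary key. That is weak for a long-lived key that protects a disk-encryption password. The script is not visible on this page, so first confirm which defaults it really uses. If it still generates RSA 4096, keep `Key type.  Default is <quote>RSA</quote>.` and `Key length in bits.  Default is 4096.`; if it does not, the SECURITY paragraph should state the limitation rather than recommend the defaults. The same section also drops the `<emphasis>` around "not" in the key-expiry caveat, which is worth keeping so that a reader skimming the page sees that expiry is not guaranteed to be honored by mandos(8).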